Skip to main content

Install Passbolt on Helm Chart

caution

Installing Passbolt on Kubernetes with our Helm chart is considered to be a very advanced installation method. If you are not very comfortable and familiar with Kubernetes we strongly recommend that you install via one of our other methods.

System requirements

FAQ pages:

Helm install

The easiest and recommended way to deploy your Passbolt Helm chart is to use helm install.

Step 1. Set up our Helm repo

helm repo add passbolt-repo https://download.passbolt.com/charts/passbolt

Step 2. Get a copy of the values file

wget https://raw.githubusercontent.com/passbolt/charts-passbolt/main/values.yaml

Step 3. Configure values file to customize your instance and enable the Passbolt PRO installation

The APP_FULL_BASE_URL environment variable is set by default to https://passbolt.local, using a self-signed certificate.

Update this variable with the server name you plan to use. You will find at the bottom of this documentation links about how to set your own SSL certificate.

As the values.yaml file is set up for CE by default you'll need to adjust the tag for the Passbolt image to pro. You can find this on line 59 of values.yaml.

    # -- Overrides the image tag whose default is the chart appVersion.
tag: 3.11.1-1-pro

It is recommended to just change ce to pro but you can use any of the tags that you want to.

The next thing you will need to do is uncomment the two lines dealing with the subscription key. You can find these on lines 88 and 90.


# -- Pro subscription key in base64 only if you are using pro version
subscriptionKey:
# -- Configure passbolt subscription key path
subscription_keyPath: /etc/passbolt/subscription_key.txt

For subscription key it expects the key to be base64 encoded. Yes, the one supplied to you by us is already base64 encoded once, but you'll need to do that again and put that in as the value for subscriptionKey.

If you are creating your own gpg keys the following commands can help convert them into a base64 encoded single line string which is what the values.yaml file expects.

gpg --armor --export-secret-keys <email you created keys with>  | base64 -w 0
gpg --armor --export <email you created keys with> | base64 -w 0

You must configure also SMTP settings to be able to receive notifications and recovery emails.

For more information on which environment variables are available on passbolt, please check the passbolt environment variable reference

Important

By default we have the ingress set to false, you'll need to decide how you want to handle this to access the web page.

Additionally the following charts are used by Passbolt and you can adjust the values under their respective headings in values.yaml

RepositoryNameVersion
https://charts.bitnami.com/bitnamimariadb11.3.5
https://charts.bitnami.com/bitnamiredis17.3.8
https://passbolt.gitlab.io/passbolt-ops/passbolt-helm-librarypassbolt-library0.2.1

Step 4. Run helm install

helm install -f values.yaml my-passbolt passbolt-repo/passbolt

At this point, you should have a working Passbolt setup via Helm running on the most up to date PRO version of Passbolt.

Manually creating first admin user

Once the Helm chart is deployed, you can create your first user by running the following command:

kubectl exec -it  <passbolt-pod-name> -- /bin/bash -c "su -s /bin/bash -c \"bin/cake passbolt register_user -u <email> -f <firstname> -l <lastname> -r admin\" www-data"

It will output a link similar to the below one that can be pasted on the browser to finalize user registration:

https://mydomain.com/setup/install/1eafab88-a17d-4ad8-97af-77a97f5ff552/f097be64-3703-41e2-8ea2-d59cbe1c15bc

Going further

Passbolt docker repository: