Help Search

Migrate passbolt PRO from install scripts to CentOS 7 package

Important: You may want to consider a different distribution. CentOS 7 is expected to be end of life on 30 June 2024 so you will need to migrate to a different distribution before then.

A CentOS package has been created to increase the ease of installing and upgrading passbolt.


For this tutorial, you will need:

  • A minimal CentOS 7 server.
  • Passbolt installed with the CentOS install script.

1. Take down your site

It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects such as active users corrupting the data in the middle of an upgrade.

sudo systemctl stop nginx

2. Backup your instance

First things first, as this is a sensitive operation a backup of the instance must be performed to prevent any data loss. You can follow our backup process.

3. Upgrade your system

Passbolt requires PHP 7.4 and supports PHP 8.2.

A full system upgrade to CentOS 7 is necessary before installing the passbolt CentOS package.

sudo yum upgrade

4. Install the package

Package repository setup

For easier installation and update tasks Passbolt provides a package repository that you need to setup before you download Passbolt PRO and install it.

Step 1. Download our dependencies installation script:

wget ""

Step 2. Download our SHA512SUM for the installation script:


Step 3. Ensure that the script is valid and execute it:

sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./  --passbolt-migrate  || echo \"Bad checksum. Aborting\" && rm -f

Install passbolt official linux package

sudo yum install passbolt-pro-server

During the installation, you will be asked to accept the Passbolt repository GPG key. You must ensure the fingerprint is exactly the same as the one below:

Importing GPG key 0xC155581D:
 Userid     : "Passbolt SA package signing key <[email protected]>"
 Fingerprint: 3D1A 0346 C8E1 802F 774A EF21 DE8B 853F C155 581D
 From       :

5. Copy existing configuration to the new location

5.1. Copy the server keys

Copy the GPG server keys as following:

sudo cp -a /var/www/passbolt/config/gpg/serverkey.asc /etc/passbolt/gpg/
sudo cp -a /var/www/passbolt/config/gpg/serverkey_private.asc /etc/passbolt/gpg/
sudo chown -R root:nginx /etc/passbolt/gpg
sudo chmod g-w /etc/passbolt/gpg

5.2. Copy the passbolt configuration

Copy passbolt configuration as following:

sudo cp /var/www/passbolt/config/passbolt.php /etc/passbolt/passbolt.php
sudo chown root:nginx /etc/passbolt/passbolt.php
sudo chmod g-w /etc/passbolt/passbolt.php

If you are running mysql 8, please change the quoteIdentifiers setting of the passbolt.php as follow:

'quoteIdentifiers' => true

5.3. Copy the avatars

If coming from Passbolt version prior to 3.2, copy passbolt avatars as following:

sudo cp -R /var/www/passbolt/webroot/img/public/avatar /usr/share/php/passbolt/webroot/img/public/

5.4. Copy the subscription key

Copy subscription key as following:

sudo cp /var/www/passbolt/config/license /etc/passbolt/subscription_key.txt
sudo chown root:nginx /etc/passbolt/subscription_key.txt
sudo chmod g-w /etc/passbolt/subscription_key.txt

6. Nginx

Now you can remove all the old nginx configuration files from /etc/nginx/conf.d/

sudo rm /etc/nginx/conf.d/passbolt.conf
sudo rm /etc/nginx/conf.d/passbolt_ssl.conf

Then you can reconfigure the CentOS package using:

sudo /usr/local/bin/passbolt-configure

Answer the following way:

  • No to configuration
  • Yes to nginx configuration

You can then select the SSL method that suits best your needs.

7. Run the database migrations

Now it is time to run the migrations to upgrade the database schemas:

sudo -H -u nginx bash -c "/usr/share/php/passbolt/bin/cake passbolt migrate"

8. Cleanup

After you have checked you can access your new setup with the CentOS package make a backup of /var/www/passbolt and then you can delete it:

sudo rm -rf /var/www/passbolt

You may also want to check for the old CRON job that may need to be removed:

sudo crontab -u nginx -e

9. Bring your site back online

Finally take passbolt back up:

sudo systemctl start nginx
sudo systemctl restart php-fpm

Last updated

This article was last updated on November 26th, 2021.

Are you experiencing issues when updating passbolt?

Ask the community!

Something is not accurate in this documentation? You can contribute by opening an issue or making pull requests!

View on github
🍪   Do you accept cookies for statistical purposes? (Read more) Accept No thanks!