In today's connected business environment, securing credentials is a top priority. Especially for teams, managing passwords collaboratively without compromising on security can be a challenge. This is where Passbolt steps in — an open-source, self-hosted password manager designed specifically for teams and businesses.
Unlike most consumer-focused password managers, Passbolt emphasizes teamwork, privacy, and granular access control. It’s ideal for IT teams, development agencies, or any organization that values secure password sharing and role-based access.
This guide covers the installation process of Passbolt, explaining everything from prerequisites to post-installation steps, to help you get your team up and running with this powerful password management solution.
Passbolt is an open-source password manager built with team collaboration in mind. It allows users to store, share, and manage credentials securely using modern cryptography. Unlike cloud-based tools, Passbolt gives users full control over their data by enabling local installation on private servers.
Key features include:
End-to-end encryption using OpenPGP
Role-based access control and team permissions
Integration with LDAP and Active Directory
Audit logs and activity tracking
REST API support for automation and DevOps teams
Open-source and community-driven
With Passbolt, your team can share credentials securely without relying on third-party servers or risking accidental data leaks.
Before installation, you need to decide where to deploy Passbolt. The most common environments include:
On-premise Linux server (Debian or Ubuntu recommended)
Cloud-based virtual machine (AWS, DigitalOcean, or similar)
Docker container for isolated and modular deployment
Each environment has its own benefits. A virtual machine or cloud deployment is generally easier to scale, while an on-premise setup gives complete internal control. Docker is best suited for advanced users who want to integrate Passbolt into an existing containerized infrastructure.
To install Passbolt, the system should meet the following requirements:
A clean Linux-based system (Ubuntu 20.04 or later, or Debian 10 or later)
A non-root user with sudo privileges
A web server (Nginx or Apache)
PHP 8.1 or higher with required extensions
MariaDB or MySQL for the database
GnuPG for OpenPGP encryption
SSL certificate for HTTPS access
Internet connection for package installation and updates
Make sure your server is updated with the latest security patches before beginning the installation.
Passbolt offers a Debian-based installation script that simplifies the process significantly. The script installs the core Passbolt application, web server, and dependencies.
The general process includes:
Updating the server packages
Installing required dependencies such as PHP, MariaDB, and GnuPG
Downloading and installing the Passbolt application
Running the installation wizard to configure settings
You’ll also need to:
Set up the database and user credentials
Configure web server settings and virtual hosts
Generate or install an SSL certificate for secure HTTPS access
Initialize Passbolt with an admin user through a web interface or CLI
Once installed, you can access the web interface via a browser and complete the initial setup, including user registration and team setup.
After installation, the Passbolt installation wizard will guide you through:
Checking system compatibility
Connecting to your database
Setting the application URL
Creating the administrator account
Verifying GPG key settings and configuration
This process ensures that your server is correctly set up and all critical components are functioning.
Once configured, the administrator account will be able to log in and invite other team members.
For users comfortable with containerized environments, Docker is a great way to install Passbolt.
Passbolt provides an official Docker image that includes everything required to run the application. With Docker, installation typically involves:
Installing Docker and Docker Compose
Downloading the docker-compose.yml file from the official repository
Setting environment variables for database credentials, domain, and GPG keys
Running the containers with Docker Compose
Accessing the application from your configured domain or local IP address
Docker simplifies scaling and maintenance, and it's a good fit for development and staging environments.
For production environments, always use HTTPS to encrypt traffic between the server and users. You can obtain a free SSL certificate using Let’s Encrypt or use an internal certificate authority for private networks.
If deploying in the cloud or over the internet:
Assign a domain name to your server
Configure DNS records to point to your server’s public IP
Install and configure SSL certificates using Certbot or your preferred tool
Set up firewall rules to allow only necessary traffic on ports like 80 (HTTP) and 443 (HTTPS)
Securing your installation is essential, as it protects user credentials and internal system access.
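To confirm that the firewall policy above matches what the server actually exposes, the following added example (not part of the original guide or of Passbolt itself) filters the output of `ss -tlnH` and reports listening TCP ports outside an allow-list. The sample input is constructed, and allowing port 22 for SSH administration is an assumption.

```shell
#!/bin/sh
# Added example: report TCP listeners that are reachable from the network
# but are not on the allow-list. Input format is `ss -tlnH`, where field 4
# is the local address:port.

# Constructed sample (not from a real host): web server on 80/443, sshd on 22,
# the database bound to loopback only, and one stray listener on 8080.
SAMPLE_SS='LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 4096 *:8080 *:*'

# unexpected_listeners "<allowed ports, space separated>"
# Reads ss output on stdin and prints each exposed, non-allowed port once.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)      # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)  # everything before it
            # Loopback-only services cannot be reached from the network.
            if (host ~ /^127\./ || host == "[::1]") next
            if (!(port in ok)) print port
        }' | sort -n -u
}

# On a live server:  ss -tlnH | unexpected_listeners "22 80 443"
```

A database port appearing in the output means MariaDB or MySQL is bound to a public interface and is protected only by the firewall rule.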
Once Passbolt is installed and accessible via your browser, you can start adding users and organizing them into groups.
Each user must:
Register via an invite sent by the administrator
Generate or upload a PGP key for authentication
Securely log in with their credentials
Teams can be created for departments or projects, allowing for granular access control. Passwords can be shared with individuals or entire groups, and administrators can assign permissions such as view, edit, or share.
This flexibility makes Passbolt particularly effective for teams that need to work securely without sacrificing convenience.
Passbolt allows you to store passwords along with related metadata, including:
Username
URL
Notes or instructions
Labels and tags
Each password entry can be shared with other users or groups. You can define access rights such as:
Read-only
Modify
Share with others
Revoke access
These features give administrators tight control over who sees what, which is critical for teams handling sensitive credentials.
One of Passbolt’s enterprise-friendly features is its robust activity tracking.
Administrators can:
View logs of user activity
Track password access and modification
Monitor failed login attempts
Review configuration and security settings
Passbolt’s logging system ensures transparency and helps with security audits, compliance, and internal investigations.
Protecting your data is vital. Set up a backup routine that includes:
Daily backups of your database
Periodic exports of your Passbolt configuration
Backup of the GPG keyring used for encryption
Secure offsite or cloud backup storage
Test your recovery process regularly to ensure your team can restore access in the event of hardware failure or security incidents.
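One way to check a backup set before it is copied offsite, as an added example that is not part of the original guide or of Passbolt: the function below verifies that the three components listed above are present, private, and that the database dump is intact and recent. The file names are hypothetical and stand in for whatever your backup job produces.

```shell
#!/bin/sh
# Added example: sanity-check one backup directory before shipping it offsite.
# File names are hypothetical; adapt them to your own backup job.
DB_DUMP=database.sql.gz      # daily database dump (gzip-compressed SQL)
CONFIG_EXPORT=config.tar     # exported Passbolt configuration
GPG_BACKUP=gpg-keys.tar      # GPG keyring used for encryption

# check_backup_set DIR
# Prints one line per problem; returns 0 only when the set passes every check.
check_backup_set() (
    dir=$1
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    for name in "$DB_DUMP" "$CONFIG_EXPORT" "$GPG_BACKUP"; do
        f="$dir/$name"
        if [ ! -s "$f" ]; then
            fail "$name missing or empty"
            continue
        fi
        # Backups contain key material: no group/other permission bits allowed.
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            fail "$name is readable by group or others"
        fi
    done

    db="$dir/$DB_DUMP"
    if [ -s "$db" ]; then
        # A dump cut short by a full disk still exists; test the gzip stream.
        gzip -t "$db" 2>/dev/null || fail "$DB_DUMP is truncated or corrupt"
        # "Daily" backup: the dump must be less than 24 hours old.
        [ -n "$(find "$db" -mtime -1)" ] || fail "$DB_DUMP is older than one day"
    fi

    [ "$problems" -eq 0 ]
)
```

Passing these checks shows the set is complete and readable, not that it restores; a periodic restore into a scratch server is still the real test.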
Regular updates are crucial for security and functionality. Depending on how Passbolt was installed, you can update via:
Apt package manager (for Debian installations)
Git and Composer (for manual installs)
Docker pull and container rebuild (for Docker environments)
Monitor Passbolt’s changelogs and community channels to stay informed about new releases, features, and patches.
Passbolt offers a powerful, team-oriented approach to password management that combines security, transparency, and flexibility. With strong encryption, role-based access, and seamless sharing capabilities, it provides a scalable solution for teams of any size.
Installing Passbolt may require a bit more setup compared to cloud-based managers, but it rewards you with full control, compliance readiness, and peace of mind. Whether hosted on-premises or in the cloud, Passbolt ensures your credentials remain secure, accessible, and efficiently managed.
Once set up, your team will have a centralized, secure environment for managing credentials—helping reduce risk, improve accountability, and boost productivity.