Passbolt is an open-source password manager built around end-to-end encryption with OpenPGP and browser extensions for Chrome and Firefox. It supports login automation, role-based access control, and credential sharing across teams. This guide deploys Passbolt CE on Ubuntu 24.04 using the official APT installer, configures Nginx and Let's Encrypt during install, and walks through the web-based setup wizard. By the end, you'll have Passbolt managing encrypted credentials securely at your domain.
Prerequisite: Ubuntu 24.04 server (also works on Debian 12, Rocky Linux 9, Alma Linux 9 — see notes below), non-root sudo user, and a domain A record pointing at the server.
Open the Firewall
$ sudo ufw allow 80,443/tcp
Install Passbolt CE (Ubuntu 24.04 / Debian 12)
1. Download the installer and the checksum file:
$ curl -LO https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh
$ curl -LO https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
2. Verify the installer checksum:
$ sha512sum -c passbolt-ce-SHA512SUM.txt
3. Add the Passbolt repository:
$ sudo bash ./passbolt-repo-setup.ce.sh
4. Install the server:
$ sudo apt install passbolt-ce-server
Answer the interactive prompts:
- Create a new database: Yes
-
Database admin username:
root - Database admin password: (set a strong value)
- Passbolt database user / password / name: create a dedicated user
- Configure Nginx: Yes
-
SSL certificate option:
Auto(Let's Encrypt) -
Domain name:
passbolt.example.com - Let's Encrypt email: your email
The installer issues a Let's Encrypt certificate, wires Nginx, and starts the application.
Install Passbolt CE (Rocky Linux 9 / Alma Linux 9)
$ curl -LO https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh
$ curl -LO https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
$ sha512sum -c passbolt-ce-SHA512SUM.txt
$ sudo bash ./passbolt-repo-setup.ce.sh
$ sudo dnf install passbolt-ce-server
$ sudo /usr/local/bin/passbolt-configure
Answer the prompts:
-
Install local MariaDB:
1 - MariaDB root password / Passbolt DB user / password / DB name
-
Hostname:
passbolt.example.com -
SSL certificate generation:
2(Auto) - Let's Encrypt email
Complete the Web Setup
- Open
https://passbolt.example.comand click Get Started → Start configuration. - Enter the database connection details (host
localhost, the user, password, and database name from the install). - Configure the server OpenPGP key (server name + email; keep RSA-DSA, 3072 bits).
- Set the full base URL and enable Force SSL.
- Configure SMTP (sender name, sender email, SMTP host, credentials).
- Create the administrator account (first name, last name, username).
- Set a strong passphrase and store it offline.
- Download the recovery kit when prompted — without it, the account is unrecoverable.
- Choose a security token color.
- Install the Passbolt browser extension when prompted.
- The dashboard loads, ready for credentials.
Create Folders and Credentials
-
Dashboard → Create → Folder — name it (e.g.
Infrastructure), save. - Open the folder → Create → Password — enter name, URL, username, and the secret. Save.
- Browse to the matching login page — the extension autofills via the registered passphrase.
Next Steps
Passbolt is running with HTTPS at your domain. From here you can:
- Invite team members from Users → Add user with per-role permissions
- Configure single sign-on (SSO) with SAML or OIDC
- Enable MFA (TOTP, YubiKey, DUO) for admin accounts
- Schedule encrypted backups of
/etc/passbolt/gpgplus the MySQL database
For the full guide with additional tips, visit the original article on Vultr Docs.
Top comments (0)