Install
Package repository setup
For easier installation and update tasks Passbolt provides a package repository that you need to setup before you download Passbolt CE and install it.
Step 1. Download our dependencies installation script:
curl -LO https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh
Step 2. Download our SHA512SUM for the installation script:
curl -LO https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
Step 3. Ensure that the script is valid and execute it:
sha512sum -c passbolt-ce-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.ce.sh || echo "Bad checksum. Aborting" && rm -f passbolt-repo-setup.ce.sh
Install passbolt official linux package
sudo apt install passbolt-ce-server
Configure mariadb
If not instructed otherwise passbolt Debian package will install mariadb-server locally. This step will help you create an empty mariadb database for passbolt to use.
fig. Configure database dialog
The configuration process will ask you for the credentials of the mariadb admin user to create a new database. By default in most installations the admin username would be root and the password would be empty.
fig. Database admin user dialog
fig. Database admin user pass dialog
Now we need to create a mariadb user with reduced permissions for passbolt to connect. These values will also be requested later on the webconfiguration tool of passbolt so please keep them in mind.
fig. Database passbolt user dialog
fig. Database passbolt user pass dialog
Lastly we need to create a database for passbolt to use, for that we need to name it:
For SSL Zertifikets select ether follow the instrutions on
https://www.passbolt.com/docs/hosting/configure/https/ce/debian-auto/
or select none /manual -> none if your SSL is distributed through a reverse Proxy.
2. Configure passbolt
Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt can be reached. You will reach a getting started page.
fig. Passbolt welcome page before configuration
2.1. Healthcheck
The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on "Start configuration" when ready.
2.2. Database
This step is about telling passbolt which database to use. Enter the host name, port number, database name, username and password.
2.3. GPG Key
In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to authenticate itself during the login handshake process. Generate a key if you don't have one.
fill out the fields and hit next if you dont have one and it will automaticly creaty one for you.
Optional
Import a key if you already have one and you want your server to use it.
To create a new GnuPG key without passphrase:
1
2
3
4
5
6
7
8
9
10
11
gpg --batch --no-tty --gen-key <<EOF
Key-Type: default
Key-Length: 2048
Subkey-Type: default
Subkey-Length: 2048
Name-Real: John Doe
Name-Email: email@domain.tld
Expire-Date: 0
%no-protection
%commit
EOF
Feel free to replace Name-Real and Name-Email with your own.
To display your new key:
1
gpg --armor --export-secret-keys email@domain.tld
2.4. Mail Server (SMTP)
At this stage, the wizard will ask you to enter the details of your SMTP server.
if you dont have a mail-server you can use the mail-server of your choice:
mine was gmail so the smtp host is
smtp.gmail.com
and the rest is your private email you want to use and your credentials.
You can also test that your configuration is correct by using the test email feature at the right of your screen. Enter the email address at which you want the wizard to send you a test email and click on "Send test email".
pls test the information by sending the test email.
2.5. Preferences
The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated but you can also change them if you know what you are doing.
leave the full base url with http not https if you configure SSL via a reverse Proxy
2.6. First User Creation
You need to create the first admin user account. This first admin user is probably you, so enter your details and click on next.
2.7. Installation
That's it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while the configuration process is going on.
Your user account is now created. You will see a redirection page for a few second and then will be redirected to the user setup process so that you can configure your user account.
3. Configure your administrator account
3.1. Download the plugin
Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the next step.
3.2. Create a new key
Passbolt will ask you to create or import a key that will be later use to identify you and encrypt your passwords. Your key needs to be protected by a password. Choose it wisely, it will be the gatekeeper to all your other passwords.
3.3. Download your recovery kit
This step is essential. Your key is the only way to access your account and passwords. If you lose this key (by breaking or losing your computer and not having a backup for example), your encrypted data will be lost even if you remember your passphrase.
3.4. Define your security token
Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing attacks. Each time you are performing a sensitive operation on passbolt, you should see this token.
3.5. That's it!
Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy!
No Comments