Deploying Passbolt on Ubuntu 24.04, Debian 12, Rocky Linux 9, and Alma Linux 9
Passbolt is an open-source password management platform designed to store and organize passwords and other confidential data using end-to-end encryption. Operating mainly as a browser extension for Chrome and Firefox, it performs all encryption and decryption tasks locally in the browser via OpenPGP, ensuring maximum security. Passbolt also offers features such as login automation, password autofill, role-based access management, and secure credential sharing among teams.
This guide describes how to install, configure, and use Passbolt on Ubuntu 24.04, Debian 12, Rocky Linux 9, and Alma Linux 9.
Prerequisites
Before proceeding, ensure you meet the following requirements:
- Access to a Linux server running one of these operating systems with a non-root sudo user:
- Ubuntu 24.04
- Debian 12
- Rocky Linux 9
- Alma Linux 9
- Create a new A record in your DNS that points to your server’s public IP address, e.g., passbolt.example.com.
Install Passbolt
You can deploy Passbolt on several Linux-based distributions. This section provides the steps for installing Passbolt on Ubuntu 24.04, Debian 12, Rocky Linux 9, and Alma Linux 9.
Install Passbolt on Ubuntu 24.04 or Debian 12
Follow the steps below to install Passbolt on your Ubuntu 24.04 or Debian 12 based instance.
Download the installation script for Passbolt dependencies.
$ curl -LO https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh
Download the checksum for the installation script.
$ curl -LO https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
Verify the integrity of the downloaded script.
$ sha512sum -c passbolt-ce-SHA512SUM.txt
Output:
passbolt-repo-setup.ce.sh: OK
Execute the installation script.
$ sudo bash ./passbolt-repo-setup.ce.sh
Configure the firewall to allow HTTP traffic from port 80 and HTTPS traffic from port 443.
$ sudo ufw allow 80,443/tcp
Install Passbolt.
$ sudo apt install passbolt-ce-server
This command installs the community edition of Passbolt on your Linux instance. It then presents prompts to configure the database for storing Passbolt’s encrypted data.
Passbolt uses MySQL to store encrypted passwords and user information. Choose Yes and press Enter when prompted to create a new database.
Create Passbolt Database
Set the database administrator username to root and press Enter.
Database Administrator Username
Enter the administrator password and press Enter.
Database Administrator Password
Create a new database username for Passbolt and press Enter.
Set Database Name
Set a password for the Passbolt database user and press Enter.
Set Password
Re-enter the password for confirmation.
Confirm Password
Specify a database name for Passbolt and press Enter.
Set Database Name
Select Yes to configure the Nginx web server for Passbolt.
Configure Nginx
Select Auto as the SSL certificate option to automatically generate and configure a self-signed SSL certificate using Certbot.
Enable SSL
Enter your domain name and press Enter.
Set Domain
Enter the email address for Let’s Encrypt notifications.
Lets Encrypt Administrator Email
Once these steps are completed, the Passbolt installation finishes.
Install Passbolt on Rocky Linux 9 or Alma Linux 9
Follow the steps below to install Passbolt on your Rocky Linux 9 or Alma Linux 9 based instance.
Download the installation script for Passbolt dependencies.
$ curl -LO https://download.passbolt.com/ce/installer/passbolt-repo-setup.ce.sh
Download the checksum for the installation script.
$ curl -LO https://github.com/passbolt/passbolt-dep-scripts/releases/latest/download/passbolt-ce-SHA512SUM.txt
Verify the integrity of the downloaded script.
$ sha512sum -c passbolt-ce-SHA512SUM.txt
Output:
passbolt-repo-setup.ce.sh: OK
Execute the installation script.
$ sudo bash ./passbolt-repo-setup.ce.sh
Install Passbolt.
$ sudo dnf install passbolt-ce-server
This command installs the community edition of Passbolt on your Rocky Linux 9 or Alma Linux 9 instance.
Run the following command to start the interactive configuration of Passbolt.
$ sudo /usr/local/bin/passbolt-configure
This command installs dependencies, configures the firewall and database, sets up Nginx, and generates and installs a TLS certificate for the Passbolt web interface.
When prompted to choose the database setup method, enter 1 to install a local MariaDB server.
Do you want to install a local MariaDB server on this machine?
1) yes
2) no
#? 1
Enter and confirm a password for the MariaDB root user.
MariaDB Root Password
Next, specify a username for the Passbolt database, for example, passboltuser.
Passbolt Database User
Provide and confirm a password for the new database user.
MariaDB Passbolt User Password
Specify a database name for Passbolt, for example, passboltdb.
Passbolt Database Name
Enter your domain name when prompted, e.g., passbolt.example.com.
Hostname
Enter 2 when prompted to generate the SSL certificate automatically using Let’s Encrypt.
SSL Certificate Option:
1) manual
2) auto
3) none
#? 2
This setting installs a Let’s Encrypt SSL certificate and enables HTTPS on your Passbolt instance.
Provide your email address to register the certificate with Let’s Encrypt.
Enter an email address to register with Let’s Encrypt
After this step, the Passbolt installation completes successfully.
Configure Passbolt
Passbolt requires web-based configuration to finalize the setup. While server-side installation initiates the application, the browser interface completes essential configurations such as database setup, OpenPGP key generation, administrator creation, passphrase setup, and browser extension installation. Follow the steps below to finish configuration through the Passbolt web portal.
Open your browser and navigate to your domain, for example, https://passbolt.example.com. The Passbolt setup screen should appear. Click Get Started.
Passbolt Get Started
Next, click Start configuration.
Passbolt Start Configuration
Enter your database details. For the database connection URL, type localhost. Provide your username, password, and database name, ensuring they match the values used during installation. Click Next.
Passbolt Database Configuration
Now configure the server key. Enter your server name and email address. Keep the key type as RSA DSA and key length as 3072. Click Next.
Passbolt Server Key Configuration
In the Full Base URL field, type your domain name (for example, https://passbolt.example.com). Choose Yes for Force SSL and click Next.
Passbolt Base URL Configuration
Set up your SMTP details for email alerts and notifications. Enter your name in the Sender name field, and provide your email in the Sender email field. Input your SMTP host (e.g., smtp.gmail.com) and click Next.
Passbolt Email Configuration
Create the administrator account by filling in the first name, last name, and username. Click Next.
Passbolt Administrator Account Creation
You will then be redirected to set a passphrase for your Passbolt account. Enter a strong passphrase and click Next. Remember this passphrase — it is required for logging in and performing sensitive operations in Passbolt.
Passbolt Set Passphrase
A recovery kit containing your private GPG key will be automatically downloaded. Store this file securely on your device.
Check the box labeled I safely stored my recovery kit to confirm the download, then click Next.
Passbolt Recovery Kit Confirmation
Choose a color for your security token and click Next. Take note of the color and token — they help verify Passbolt’s authenticity during login to prevent phishing.
Security Token
Click the Download extension button to install the Passbolt browser extension.
Download Passbolt Extension
After installation, a confirmation page will appear. Click Next to access the Passbolt dashboard.
Passbolt Extension Installed
Access and Use Passbolt
This section explains how to create and manage passwords using Passbolt’s interface and features like autofill.
From your Passbolt dashboard, click Create to add a new entry.
Passbolt Create Entry
Select Folder to make a new folder.
Passbolt Create Folder Option
Enter a folder name, for example, Sample, then click Save.
Passbolt Name Folder
Navigate to the created folder and click Create again to add a new resource inside it.
Passbolt Create Resource in Folder
Select Password.
Passbolt Create Password
Fill in the details — name, site URL, username, and password — and click Create.
Passbolt Create Password Details
When prompted, enter your passphrase to confirm creation. Click OK.
Passbolt Password Created
Your new password entry will now be visible on the dashboard, where you can view, copy, or edit it as needed.
Passbolt Password
Passbolt Browser Integration
Select your created password (e.g., Password1) to autofill the form.
Passbolt Autofill Details
Enter your passphrase when requested. Your credentials will auto-populate, allowing you to log in instantly.
Passbolt Autofill Login
Conclusion
You have successfully installed, configured, and used Passbolt to manage passwords securely. It can now be used for storing and sharing sensitive credentials within your organization. For further information, consult the official Passbolt documentation.
