Your Own Password Manager: A Simple Guide to Installing Passbolt with Portainer

Tired of trying to remember dozens of different passwords? Or worse, using the same weak password for everything? It’s time to take control of your digital security.

In this guide, we’ll show you how to install Passbolt, a powerful and secure open-source password manager, on your own server. You will have full control over your data, and it’s easier than you think!

We will use Portainer to deploy Passbolt. If you haven’t installed Portainer yet, check out our easy tutorial first: From CLI to GUI: Manage Docker with Portainer

Ready? Let’s get started!

Step 1: Prepare Folders and Permissions

Before we deploy Passbolt, we need to create some folders on our server where Passbolt will store its data, in our case its the Server where Portainer is installed. Then, we need to give the right permissions so the containers can use them.

Connect to your server using SSH (or open the terminal) and run these commands one by one:

# Create the parent directory
sudo mkdir -p /opt/passbolt/database_volume
sudo mkdir -p /opt/passbolt/gpg_volume
sudo mkdir -p /opt/passbolt/jwt_volume

# Set the correct permissions
sudo chown -R 999:999 /opt/passbolt/database_volume
sudo chown -R 33:33 /opt/passbolt/gpg_volume /opt/passbolt/jwt_volume

This makes sure that the database and the Passbolt application can read and write their files safely.

Step 2: Create the Passbolt Stack in Portainer

Now for the fun part! We’ll use a Docker Compose file to tell Portainer exactly how to set up Passbolt.

1. Log into your Portainer dashboard.
2. On the left menu, click on Stacks.
3. Click the + Add stack button.
4. Give your stack a name, like passbolt.
5. In the Web editor, paste the following code:

YAML

services:
  db:
    image: mariadb:10.11
    container_name: passbolt-db
    restart: unless-stopped
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "true"
      MYSQL_DATABASE: "passbolt"
      MYSQL_USER: "passbolt"
      MYSQL_PASSWORD: "CHANGE_THIS_TO_A_STRONG_PASSWORD"
    volumes:
      - /opt/passbolt/database_volume:/var/lib/mysql

  passbolt:
    image: passbolt/passbolt:latest-ce
    container_name: passbolt
    restart: unless-stopped
    depends_on:
      - db
    environment:
      # --- IMPORTANT: Change this to your server's URL! ---
      APP_FULL_BASE_URL: https://192.168.1.100:4431
      DATASOURCES_DEFAULT_HOST: "db"
      DATASOURCES_DEFAULT_USERNAME: "passbolt"
      DATASOURCES_DEFAULT_PASSWORD: "CHANGE_THIS_TO_A_STRONG_PASSWORD"
      DATASOURCES_DEFAULT_DATABASE: "passbolt"
      # --- Add your email settings below ---
      EMAIL_TRANSPORT_DEFAULT_HOST: "smtp.example.com"
      EMAIL_TRANSPORT_DEFAULT_PORT: "587"
      EMAIL_TRANSPORT_DEFAULT_USERNAME: "your_email@example.com"
      EMAIL_TRANSPORT_DEFAULT_PASSWORD: "your_email_password"
      EMAIL_DEFAULT_FROM: "passbolt@yourdomain.com"
      EMAIL_DEFAULT_FROM_NAME: "Passbolt"
    volumes:
      - /opt/passbolt/gpg_volume:/etc/passbolt/gpg
      - /opt/passbolt/jwt_volume:/etc/passbolt/jwt
    command:
      [
        "/usr/bin/wait-for.sh",
        "-t",
        "0",
        "db:3306",
        "--",
        "/docker-entrypoint.sh",
      ]
    ports:
      - 8021:80
      - 4431:443

Before you deploy, you MUST change these values:

• CHANGE_THIS_TO_A_STRONG_PASSWORD: Change this in BOTH places (db and passbolt service) to a strong, unique password for your database.
• APP_FULL_BASE_URL: This is very important! Change 192.168.1.100:4431 to your server’s IP address and the port you want to use (in this case, 4431).
• Email Settings: Fill in your own email server (SMTP) details. This is needed for account registration and password recovery. You cannot skip this!

Once you’ve edited the code, click the Deploy the stack button at the bottom of the page. It will take a few minutes for everything to download and start.

Step 3: Create Your First Admin User

After the stack is running, we need to create the first administrator account. Go back to your server’s terminal and run this single command.

Make sure to replace the email and name with your own details!

Bash

docker exec -it passbolt su -m -c "/usr/share/php/passbolt/bin/cake passbolt register_user -u your@email.com -f YourFirstName -l YourLastName -r admin" -s /bin/sh www-data

After you run this, you will see a link in your terminal. COPY THAT LINK!

Step 4: Log In and Set Up Passbolt

Open a new tab in your web browser and paste the link you just copied from the terminal.

This will take you to the Passbolt setup page where you will:

1. Download the browser extension (it’s required and makes using Passbolt super easy).
2. Create your strong master password. Do not forget this password!
3. Set up your security token.

And that’s it! Your personal, secure, self-hosted password manager is now running. You can start adding your passwords and even invite family or team members if you want.

Enjoy the peace of mind that comes with controlling your own data and stop using your brain capacity for passwords.