explaingit

passbolt/passbolt_api

5,898PHPAudience · ops devopsComplexity · 3/5Setup · moderate

TLDR

An open-source team password manager you can self-host, where passwords are encrypted on each user's device before ever reaching the server, so the server stores only encrypted data it cannot read.

Mindmap

mindmap
  root((Passbolt))
    What it does
      Team password sharing
      End-to-end encryption
      User-controlled keys
    Access Methods
      Browser extensions
      Mobile apps iOS Android
      Command-line tool
    Deployment
      Self-hosted Linux
      Docker
      Kubernetes
      Cloud hosted
    Security
      Device-side encryption
      Annual public audits
      Air-gap support
    Editions
      Community free
      Pro paid
      Cloud hosted
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Self-host a secure password manager for your team on your own Linux server or via Docker so credentials never leave your infrastructure

USE CASE 2

Share encrypted passwords with teammates through browser extensions for Chrome, Firefox, and Edge

USE CASE 3

Manage team credentials from a terminal using the Passbolt command-line tool for scripting and automation

USE CASE 4

Run Passbolt in an air-gapped environment with no internet connection for maximum data isolation

Tech stack

PHPCakePHPDockerKubernetes

Getting it running

Difficulty · moderate Time to first run · 1h+

Requires a Linux server with PHP, a database, and optional extensions, Docker simplifies setup but still needs configuration steps.

In plain English

Passbolt is an open-source password manager built for teams and organizations. It lets groups store, organize, and share passwords and credentials securely, with each user holding their own private encryption key. Passwords are encrypted before leaving the user's device, so the server never sees the plaintext values. The Community Edition (CE) is free to self-host. You can install it on your own server running Ubuntu, Debian, RedHat, or several other Linux distributions, or deploy it using Docker or Kubernetes. A paid Pro edition and a hosted Cloud option are also available for organizations that prefer not to manage their own infrastructure. Once installed, team members access their passwords through browser extensions for Chrome, Firefox, and Edge, or through mobile apps on iOS and Android. A command-line tool is available for developers and system administrators who want to interact with Passbolt from a terminal. A desktop app is listed as coming soon. The core security model centers on end-to-end encryption and user-controlled keys. Passbolt is audited multiple times per year and publishes the findings publicly. The company is headquartered in Luxembourg and states that it does not collect personal data or telemetry. The system can be run in air-gapped environments with no internet connection. This repository contains the PHP API backend, built on the CakePHP framework. Security issues should be reported privately to the security team by email rather than through GitHub issues.

Copy-paste prompts

Prompt 1
Help me install Passbolt Community Edition on Ubuntu using Docker Compose so my team can securely share passwords on our own server.
Prompt 2
Show me how to use the Passbolt CLI to create a new password entry and share it with a specific team member from the terminal.
Prompt 3
I want to migrate our team's passwords from a CSV export of LastPass to a self-hosted Passbolt instance. What steps should I follow?
Prompt 4
Write a Passbolt API script in PHP or curl to programmatically create and share a set of credentials from a JSON file.
Open on GitHub → Explain another repo

← passbolt on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.