2025: A Year in Review

Passbolt focused on scaling infrastructure and refining the user experience throughout 2025.

The project balanced a major architectural shift with a consistent release cycle to address the needs of individual users and enterprise teams. This timeline details the significant milestones, product updates, and community initiatives that defined the year.

2025 in numbers

🎂 8 years of passbolt
🎉 Crossed 1,000,000 website visits per year
👥 700K Daily active users
🌐 50,000+ organisations worldwide are now using passbolt on a daily basis to protect their passwords and collaborate
🤝 50+ new product releases
👀 46,103 average monthly community pageviews and 443 new contributors
✅ Tracking at 99.97% uptime (including scheduled maintenance)

January

The year began with an expansion of resources. Passbolt Raised $8M in a Series A funding round led by Airbridge. This capital injection served as a strategic tool for the team to scale operations and meet the demand for open-source security solutions. The investment highlighted a market interest in transparent credential management.

February

Attention shifted to stability and accessibility in February. The release  v4.11 and v4.12 built the necessary infrastructure for encrypted metadata, ensuring a seamless transition to a fully Zero-Knowledge architecture. Concurrently, the team published technical guidance on how to secure your Passbolt instance with an SSL certificate on Windows. This effort supported diverse hosting environments to ensure administrators could maintain rigorous security standards. 

In addition, Passbolt took part in FOSDEM 2025, with co-founder Rémy Bertot presenting on the project’s open source philosophy and secure collaboration.

March

Security verification and transparency were the central themes in March. Passbolt cleared three security and compliance audits, these included a Passbolt Cloud penetration test conducted by Quarkslab, a cryptographic review of our authentication mechanisms by Cure53, and a SOC 2 Type II audit carried out by Johanson Group. Together, these audits reviewed our risk management, data protection, and operational controls, identifying no material weaknesses. The results provide additional assurance to our customers and stakeholders, and we continue to invest in ongoing assessments.

April

April marked a transition for the product and its relationship with the open-source ecosystem. Passbolt joined the PHP Foundation as a company member, contributing to the language that powers the platform. 

Later in the month, Passbolt 5.0 was released. This major version introduced a redesigned user interface, how users organise and share secrets across groups, making access rights more visible and easier. 

May

Momentum continued into May with the release of Passbolt 5.1 Strengthens Metadata Security for Shared Passwords. This update focused on the intersection of security and performance. It introduced optional encrypted metadata to protect descriptive resource information and added password expiry features to help teams enforce security policies.

June

User feedback drove the development priorities for June. Passbolt 5.2 introduced multiple URIs and custom icons. Users can easily manage shared services by associating one credential with multiple domains. New custom icons and colours make organising resources visually intuitive.

Later in June, Passbolt was back in Paris for the second edition of the Open Source Founders Summit, organised by Emily Omier, reconnecting with open-source leaders and sharing experiences within the community.

July

The focus in July expanded to developer experience and flexibility. Passbolt 5.3 “Riders on the Storm”. This update introduced custom fields for resources, allowing teams to add structured metadata tailored to their workflows.

Alongside this release, the team published a guide to set up your local Passbolt development environment in minutes with DDEV. To further support those building on top of the platform, new documentation clarified Passbolt API authentication using JWT, modernising how external applications interact with the instance.

August

August was dedicated to deployment efficiency. New tutorials on simplifying Passbolt installation with Ansible catered to system administrators managing infrastructure as code. For organisations requiring maximum uptime, the team detailed how to set up a highly available Passbolt environment, ensuring service continuity during outages. 

The release cycle continued with Passbolt 5.4.0 and 5.4.1 ~ “It’s My Life” + “Ain’t No Sunshine”, focusing on stability and refining the grid view.

September

Enterprise capabilities were the priority in September. Simplifying user provisioning using SCIM detailed the introduction of a SCIM beta for larger organisations. This Passbolt 5.5 release also advanced the privacy roadmap with zero-knowledge metadata, ensuring the server does not see unencrypted item descriptions. 

To support complex data needs, Passbolt also released a guide on configuring Passbolt with MariaDB Galera Cluster using mutual TLS (mTLS) authentication. This ensures that database traffic remains encrypted and authenticated, a critical requirement for high-security deployments.

October

October brought improvements to data organisation and cryptographic practices. Passbolt 5.6: standalone notes, shared-metadata key rotation, and resizable sidebars introduced the ability to secure sensitive information that does not fit the username-password format. 

In addition Passbolt Cloud added support for encrypted resource metadata, extending end-to-end encryption beyond passwords to include additional information attached to resources.

November

Administrative oversight was the theme for November. Passbolt 5.7: Secret history, user-group management, and import reports provided administrators with an audit trail of changes. Additionally, encrypted resource metadata became available on Passbolt Cloud, ensuring feature parity for cloud users.

December

The year concluded with a focus on compliance and long-term stability. In response to ecosystem changes, Passbolt outlined Bitnami legacy changes: Passbolt’s migration plan for open-source, secure Helm deployments. The release of Passbolt 5.8 added dynamic role management and faster group membership updates. Finally, the team published an analysis of NIS2 requirements: why credential security is non-optional, detailing how credential security aligns with European directives.

The milestones of 2025 reflect a transition from building core functionality to refining the controls required for large-scale administrative use. By addressing infrastructure needs like SCIM, zero-knowledge metadata, and NIS2 compliance, Passbolt has provided the tools necessary for organisations to manage credentials in increasingly regulated environments. 

Driven by this momentum, the team is fully prepared for 2026 🎉