Passbolt sails with Docker

Recently we have been working on an updated docker image for passbolt. In this article we wanted to give you a little background around the choices we made when designing this new version.

Motivation

Passbolt is an open source password manager for teams that aims to be easy to use both for regular and advanced users. Naturally usability was also one of the main objectives for bundling passbolt with docker. We want everyone to be able to ship quickly a stable, fast and small footprint instance.

The team is currently focused on making Passbolt great again. This means that most of the development time should go torwards fixing bugs or implementing new features. The team have little time left to provide dedicated support for all ecosystems. Therefore shipping an image with Passbolt bundled on it seemed a good approach: more users will be able to run passbolt, disregard their local GNU/Linux distribution.

Why Docker?

Well, this might be a controversial topic since Docker has many lovers and haters. However Docker popularity and growing community can help to generate more interest for passbolt and, by doing so, to obtain more feedback that will ideally trigger more collaboration. For example one of passbolt power user managed to set up the docker image on a raspberry pi and we are looking forward hearing more about this experiment in a short future.

The Image

Passbolt docker image comes bundled with the following stack:

• Passbolt API with all required dependencies such as php gnupg
• Nginx
• Php-fpm

Nginx and Php-fpm choices intend to give passbolt users a compromise between performance and resource usage. This strategy allow this image to be used on a variety of scenarios, from development to production.

Breaking Docker philosophy of one process per container allows us to reduce complexity to set up a running passbolt instance; however, we understand that on certain setups this practice is not acceptable and we are considering to release a php-fpm only setup to provide more flexibility for users that require it.

What is not bundled in Passbolt docker image:

• MySQL

In this case the decision to break up data persistence on separate layers was easy. We think that separating the persistence layer from the application layer brings more options in the availability side, providing a more flexible image that adapts to, for instance, already running database nodes.

Unlike many of you requested, passbolt is bundled with a self signed dummy SSL certificate and an automatic gnupg key generation for people that just want to test the project. However it is possible to load your own certificates and gnupg keys via docker volumes. This approach was the simplest to implement and also, we believe, the most flexible.

Of course, everyone is welcome to contribute to the docker repository with pull requests, or fork it to make any modifications to fit their needs.

Also, we’d love to hear your comments and receive feedback to improve this project. Please add your comments below or send an email [email protected].