Current Stable Version: 5.9.0 (February 2026) | License: AGPL-3.0 | Architecture: Client-Server with End-to-End Encryption
Passbolt is an open-source password manager designed for team collaboration, built on a Zero-Knowledge architecture with OpenPGP-based end-to-end encryption. It provides encrypted vaults, granular role-based access control, and cross-platform browser extensions for secure credential sharing. With over 50,000 organizations worldwide and 700K daily active users, Passbolt is trusted by government agencies, enterprises, and DevOps teams for managing sensitive credentials while maintaining strict security controls.
The platform supports multiple deployment options including Docker, Kubernetes (Helm charts), and native Linux packages (apt, dnf, zypper). Passboltβs API-centric design enables seamless integration with CI/CD pipelines, automation tools, and custom workflows.
π‘ Whatβs New in 2025-2026: Passbolt underwent major transformation with versions 5.0-5.9, introducing redesigned UI, encrypted metadata, dynamic role management, standalone notes, secret history (audit trails), SCIM provisioning, and MariaDB Galera Cluster support for high availability. The platform achieved SOC 2 Type II compliance and completed three security audits (Quarkslab, Cure53, Johanson Group).
| Team Type | Capabilities |
|---|---|
| Workforce | Browser/desktop/mobile apps with auto-fill for daily credential access |
| IT Operations | JIT access, Principle of Least Privilege (PoLP), root account management |
| DevOps/SRE | CLI, API, SDKs for CI/CD integration and automation |
| Management | Audit trails, user provisioning, SSO enforcement, compliance reporting |
| Developers | Secure API key storage, environment secrets, TOTP for service accounts |
| Component | Technology |
|---|---|
| Backend | PHP 8.2+, CakePHP framework |
| Database | MariaDB 10.11+ / MySQL 8+ (Galera Cluster supported) |
| Web Server | Nginx / Apache (PHP-FPM) |
| Cryptography | OpenPGP (GPG), RSA key generation |
| Container | Docker (Debian 13 base), Kubernetes (Helm) |
| Frontend | JavaScript, WebExtensions API |
| Option | Description | Best For |
|---|---|---|
| Community Edition (CE) | Free, self-hosted, full-featured open source | Small teams, startups |
| Professional Edition (Pro) | Self-hosted with enterprise features | Growing businesses |
| Cloud (EU-hosted) | Managed service with SOC 2 Type II compliance | Organizations seeking managed solution |
| Air-gap Deployment | Isolated environment support | Government, defense, regulated industries |
| Resource | Specification |
|---|---|
| CPU | 2 cores |
| RAM | 2GB |
| Storage | 20GB |
| Network | 10 Mbps |
| OS | Debian 11+/Ubuntu 20.04+/RHEL 9+ |
| Resource | Specification |
|---|---|
| CPU | 4 cores |
| RAM | 4-8GB |
| Storage | 50GB+ SSD |
| Network | 100 Mbps |
| High Availability | MariaDB Galera Cluster (3 nodes) |
| Standard | Status |
|---|---|
| SOC 2 Type II | β Compliant (2025 audit by Johanson Group) |
| GDPR | β Compliant |
| NIS2 | β Guidance published |
| Cybersecurity Made in Europe | β Member |
| FIDO Alliance | β Member |
| Version | Release Date | Key Features |
|---|---|---|
| 5.0 | April 2025 | Redesigned UI, improved group sharing & access rights visibility |
| 5.1 | May 2025 | Optional encrypted metadata, password expiry features |
| 5.2 | June 2025 | Multiple URIs per credential, custom icons & colors |
| 5.3 | July 2025 | Custom fields, JWT API authentication, DDEV setup guide |
| 5.4 | August 2025 | Stability improvements, refined grid view |
| 5.5 | September 2025 | SCIM beta, zero-knowledge metadata, MariaDB Galera Cluster |
| 5.6 | October 2025 | Standalone notes, shared-metadata key rotation, resizable sidebars |
| 5.7 | November 2025 | Secret history (audit trail), user-group management, import reports |
| 5.8 | December 2025 | Dynamic role management, faster group membership, drag & drop |
β οΈ Upgrade Notice: All users must update browser extensions to match server version (5.8) for new features like dynamic role management to function correctly.
# Download Docker Compose file with checksum verification
curl -LO https://download.passbolt.com/ce/docker/docker-compose-ce.yaml
curl -LO https://github.com/passbolt/passbolt_docker/releases/latest/download/docker-compose-ce-SHA512SUM.txt
sha512sum -c docker-compose-ce-SHA512SUM.txt
# Start Passbolt
docker compose -f docker-compose-ce.yaml up -d
# Create first admin user
docker compose -f docker-compose-ce.yaml \
exec passbolt su -m -c "/usr/share/php/passbolt/bin/cake \
passbolt register_user \
-u admin@example.com \
-f Admin \
-l User \
-r admin" -s /bin/sh www-data
Any questions?
Feel free to contact us. Find all contact information on our contact page.