Passbolt
App in the BluixApps catalog
What it is
Passbolt is an open-source team password manager — designed for team collaboration with E2E encryption via OpenPGP, fine-grained sharing, audit log, browser extension. Direct competitor to 1Password Teams / Bitwarden Business with stronger team-collaboration features.
EU-based (France), AGPLv3 community edition, with commercial Pro tier.
What it's for
- Team password sharing — share credentials with E2E encryption
- Department access control — fine-grained per-folder sharing
- Audit trail — track who accessed what credential
- Onboarding/offboarding — revoke departed employee access cleanly
- Compliance — SOC 2 / ISO 27001 friendly
Who it's for
- Small-to-medium businesses with 5-100 employees needing shared credentials
- Privacy-bound EU orgs preferring European OSS
- Tech teams sharing infrastructure credentials
- MSPs managing client credentials with audit needs
- Compliance-focused orgs requiring credential audit logs
Why teams pick Passbolt over alternatives
- AGPLv3 (Community) — fully open
- OpenPGP E2E — proven crypto for password sharing
- EU-based — German/French/Italian orgs prefer
- Browser extension — Firefox / Chrome / Edge / Brave
- Team-collab focus — sharing UX is core, not afterthought
- API + CLI — automation-friendly
Integrations
- Browser extensions — Firefox, Chrome, Edge, Brave, Safari
- Mobile apps — iOS + Android
- Authentication — local + LDAP + SAML + OAuth (Pro)
- API — REST API with API keys
- CLI — manage passwords from terminal
- SCIM provisioning — auto-sync user dirs (Pro)
- MFA — TOTP, YubiKey, Duo
Notable users & community
- 8k+ GitHub stars
- Used by European SMBs and public sector
- Backed by Passbolt SA (FR) — sustainable European OSS company
- Active community forum
- Featured in 1Password-alternative roundups
Tips & operations
- GPG key per user — Passbolt uses OpenPGP; each user generates GPG key on first signup
- Master password ≠ user password — GPG key passphrase is separate
- SMTP mandatory — invite emails depend on it; configure SMTP before first invite
- Self-signed TLS — Passbolt expects HTTPS; use real cert in production
- Backup MySQL + GPG keys — keys are critical; lost keys = lost passwords
- Browser extension — required for password autofill + decryption
What we ship in BluixApps
- Docker stack: Passbolt CE + MariaDB
- Auto-generated DB password
- Persistent volumes:
/opt/passbolt/database+/opt/passbolt/gpg+/opt/passbolt/jwt - Port 8444 exposed (HTTPS with self-signed cert by default)
- Admin user pre-created via CLI on first run
- SMTP config required for invite emails (env placeholder)
- Backup hook covers MariaDB + GPG keys
Get this app — pick a BluixApps plan
Same catalog. Scaling tenant isolation, white-label and support tier.
| Tier | Tenants | Catalog | Support | White-label | Monthly | |
|---|---|---|---|---|---|---|
| Stacks | 1 | 19 curated stacks | Standard | — | $19/mo | DetailDeploy |
| Starter | 10 | Full catalog | Standard | +$15–25/mo | $49/mo | DetailDeploy |
| Pro | 25 | Full catalog | Priority bugfix | +$15–25/mo | $149/mo | DetailDeploy |
| Growth | 100 | Full catalog | Priority bugfix | +$15–25/mo | $349/mo | DetailDeploy |
| Scale | 500 | Full catalog | 7-day window | +$15–25/mo | $799/mo | DetailDeploy |
| Enterprise | Unlimited | Full catalog | Priority 7-day | Bundled | $1,499/mo | DetailDeploy |