How to Set Up Passbolt Password Manager on AWS

Passbolt is an open-source, self-hosted password manager designed for teams and businesses that need secure and granular control over their credentials. Hosting Passbolt on AWS provides scalability, security, and high availability. In this guide, I’ll walk you nthrough the process of deploying Passbolt on an AWS EC2 instance.

How I create it
Mobirise Website Builder

Introduction

Passbolt is an open-source, self-hosted password manager designed for teams and businesses that need secure and granular control over their credentials. Hosting Passbolt on AWS provides scalability, security, and high availability. In this guide, I’ll walk you nthrough the process of deploying Passbolt on an AWS EC2 instance.

Before we begin, ensure you have the following:

Prerequisite: 

- An AWS account with permissions to create EC2 instances, security groups, and elastic IPs.
- A domain name (optional, but recommended).
- An SSH key pair for secure access to the EC2 instance.
- Basic knowledge of Linux commands and AWS services. 

Optional domain:

I already purchase www.mycycyberanalyst.tech and created a subdomain passbolt.mycyberanalyst.com which hold the password manager.  You can get a cheap domain from Namecheap. Please note that you can no longer access the project from passbolt.mycyberanalyst.tech due to cost of hosting on AWS.

Step 1: Launch Passbolt from AWS Marketplace

Go to AWS Marketplace
Visit AWS Marketplace and search for Passbolt Community Edition.
Click on the Passbolt CE AMI, then select Continue to Subscribe and Continue to Configuration.
Configure the Instance

Choose the Region where you want to deploy the instance.
Select the EC2 instance type (Recommended: t3a.small or higher).
Set up storage (20GB minimum).
Create a Security Group with the following rules:

SSH (22) → Allow only your IP
HTTP (80) & HTTPS (443) → Allow from all
TCP 3306 (MySQL) → Only if you use a remote database
Attach Your SSH Key and launch the instance.

Step 2: Access the Server
Find Your Public IP

Go to the EC2 Dashboard → Click on your Passbolt instance → Copy the Public IPv4 address.

bash

ssh -i your-key.pem ubuntu@your-ec2-instance-ip 

Step 3: Configure Passbolt

1. Log in as root:

bash

sudo -i



2. Run the Passbolt setup wizard:

bash

sudo passbolt-configure 

Follow the prompts:

Enter the domain name passbolt.mycyberanalyst.com (or IP if you don’t have a domain).
Configure database settings (default is local MySQL).
Generate SSL certificates (self-signed or Let’s Encrypt).

Step 4: Set Up SSL (Optional but Recommended)
If you have a domain, use Let’s Encrypt for free SSL:

bash

sudo certbot --nginx -d passbolt.mycyberanalyst.tech -d www.passbolt.mycyberanalyst.tech

# don't forget to replace with your domain name

# To enable automatic renewal:

 sudo certbot renew --dry-run

Step 5: Complete the Passbolt Setup

Open https://passbolt.mycyberanalyst.tech (or http://your-ec2-instance-ip).
Follow the web setup wizard to:
Create the admin account.
Generate or import the GPG key.
Secure your instance with multi-factor authentication (MFA).


Conclusion:
Successfully deploying Passbolt on AWS demonstrates my expertise in cloud security, IAM, and secure application deployment. This project showcases my ability to implement secure authentication, configure infrastructure in AWS, and enforce best security practices. It also highlights my skills in encryption, SSL management, and system hardening—critical aspects for any cybersecurity analyst
To improve security, consider:

Project Gallery

Mobirise Website Builder
Mobirise Website Builder
Mobirise Website Builder
Mobirise Website Builder

© Copyright Ezekiel MyCyberanalyst - All Rights Reserved