Passbolt

App in the BluixApps catalog

What it is

Passbolt is an open-source team password manager — designed for team collaboration with E2E encryption via OpenPGP, fine-grained sharing, audit log, browser extension. Direct competitor to 1Password Teams / Bitwarden Business with stronger team-collaboration features.

EU-based (France), AGPLv3 community edition, with commercial Pro tier.

What it's for

  • Team password sharing — share credentials with E2E encryption
  • Department access control — fine-grained per-folder sharing
  • Audit trail — track who accessed what credential
  • Onboarding/offboarding — revoke departed employee access cleanly
  • Compliance — SOC 2 / ISO 27001 friendly

Who it's for

  • Small-to-medium businesses with 5-100 employees needing shared credentials
  • Privacy-bound EU orgs preferring European OSS
  • Tech teams sharing infrastructure credentials
  • MSPs managing client credentials with audit needs
  • Compliance-focused orgs requiring credential audit logs

Why teams pick Passbolt over alternatives

  • AGPLv3 (Community) — fully open
  • OpenPGP E2E — proven crypto for password sharing
  • EU-based — German/French/Italian orgs prefer
  • Browser extension — Firefox / Chrome / Edge / Brave
  • Team-collab focus — sharing UX is core, not afterthought
  • API + CLI — automation-friendly

Integrations

  • Browser extensions — Firefox, Chrome, Edge, Brave, Safari
  • Mobile apps — iOS + Android
  • Authentication — local + LDAP + SAML + OAuth (Pro)
  • API — REST API with API keys
  • CLI — manage passwords from terminal
  • SCIM provisioning — auto-sync user dirs (Pro)
  • MFA — TOTP, YubiKey, Duo

Notable users & community

  • 8k+ GitHub stars
  • Used by European SMBs and public sector
  • Backed by Passbolt SA (FR) — sustainable European OSS company
  • Active community forum
  • Featured in 1Password-alternative roundups

Tips & operations

  • GPG key per user — Passbolt uses OpenPGP; each user generates GPG key on first signup
  • Master password ≠ user password — GPG key passphrase is separate
  • SMTP mandatory — invite emails depend on it; configure SMTP before first invite
  • Self-signed TLS — Passbolt expects HTTPS; use real cert in production
  • Backup MySQL + GPG keys — keys are critical; lost keys = lost passwords
  • Browser extension — required for password autofill + decryption

What we ship in BluixApps

  • Docker stack: Passbolt CE + MariaDB
  • Auto-generated DB password
  • Persistent volumes: /opt/passbolt/database + /opt/passbolt/gpg + /opt/passbolt/jwt
  • Port 8444 exposed (HTTPS with self-signed cert by default)
  • Admin user pre-created via CLI on first run
  • SMTP config required for invite emails (env placeholder)
  • Backup hook covers MariaDB + GPG keys
Read this app's deep dive on bluix.app ↗

Get this app — pick a BluixApps plan

Same catalog. Scaling tenant isolation, white-label and support tier.

TierTenantsCatalogSupportWhite-labelMonthly
Stacks119 curated stacksStandard$19/moDetailDeploy
Starter10Full catalogStandard+$15–25/mo$49/moDetailDeploy
Pro25Full catalogPriority bugfix+$15–25/mo$149/moDetailDeploy
Growth100Full catalogPriority bugfix+$15–25/mo$349/moDetailDeploy
Scale500Full catalog7-day window+$15–25/mo$799/moDetailDeploy
EnterpriseUnlimitedFull catalogPriority 7-dayBundled$1,499/moDetailDeploy

Powered by WHMCompleteSolution