Passbolt — IT Team Password Manager
Basic Information
| Field | Value |
|---|---|
| Category | System Tools |
| Owner | Sergej Vdovičenko |
| Deputy | Artem Ryzhkov |
| Management Level | 5 |
| SLA | 8x5 |
| Login | GPG key (browser extension) |
| Deployment | On-prem VM (Proxmox cluster) |
Description
Passbolt is an open-source password manager for team credential sharing. It encrypts passwords end-to-end using GPG keys — no one (including admins) can read a password without the user's private key.
What we store here:
- Infrastructure system credentials (Proxmox, FortiGate, Windows Server…)
- SaaS platform admin accounts (Google Workspace, ESET Protect, Hexnode…)
- API keys and tokens
- Network passwords (RADIUS secrets, VPN PSK)
Warning
Passbolt is the most security-critical system. Access is restricted to IT team members only. Never share Passbolt passwords outside the approved circle.
Access and Login
- URL:
https://[passbolt-vm-ip](internal network or VPN) - Login: browser extension (Chrome/Firefox) with GPG key
- New users must go through the onboarding process (GPG key generation + admin approval)
Procedure — Add New Password
- Passbolt → Passwords → Create new password (+)
- Fill in: Name, URL, Username, Password, Description
- Save to the correct Folder
Procedure — Share Password with a Colleague
- Click on password → Share (share icon)
- Search for user or group
- Set permission: Can read / Can update / Is owner
- Click Save — password is encrypted with the recipient's public key
Procedure — Onboard New IT Team Member
- Admin invites user: Passbolt → Users → Invite User
- User clicks invitation → installs Passbolt browser extension
- Extension generates GPG key or imports an existing one
- Admin approves key fingerprint and confirms onboarding
Warning — GPG Key Loss
If you lose your private GPG key without a backup, you cannot access passwords shared exclusively with you. Always back up your GPG key.
Folder Structure
IT-Shared/
├── Infrastructure/ — servers, network, Proxmox
├── Cloud-Services/ — SaaS admin accounts
├── Networking/ — FortiGate, switches, RADIUS secrets
├── Active-Directory/ — AD admin, service accounts
└── VPN/ — VPN keys, PSKTroubleshooting
| Problem | Solution |
|---|---|
| Passbolt not opening in browser | Check browser extension; verify Passbolt VM accessibility via VPN |
| Forgotten GPG key passphrase | Admin must recover access — delete key, generate new one, admin re-approves (passwords remain) |
| Cannot share password | Verify recipient has an active GPG key in Passbolt |
Related Guides
- Proxmox — Passbolt VM host
- Active Directory — admin credentials stored in Passbolt
Contact
- Owner: Sergej Vdovičenko — Slack
@sergej - Deputy: Artem Ryzhkov — Slack
@artem - Access issues: Slack
#it-help(be careful — never quote passwords)