Use Passbolt in Auth

Set up Passbolt locally and connect it to Labshare Auth

Prerequisites

  • Node JS version 10 or newer
  • Docker
  • GnuPG: Passbolt is based on OpenPGP. Download GnuPG from https://formulae.brew.sh/formula/gnupg or https://gnupg.org/download/ and install it globally.

    GnuPG is a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also known as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a versatile key management system, along with access modules for all kinds of public key directories. GnuPG, also known as GPG, is a command line tool with features for easy integration with other applications. A wealth of frontend applications and libraries are available. GnuPG also provides support for S/MIME and Secure Shell (ssh). https://gnupg.org/index.html

Set up environment files before starting

Modify these environment files and put them under the passbolt folder: https://github.com/ncats/auth-monorepo/tree/main/packages/auth/src/components/passbolt

  • Passbolt DB env file sample

  • Passbolt Configuration env file sample

    • APP_FULL_BASE_URL: The URL of the Passbolt site. Use http://localhost:80 locally and the real URL, such as https://a-passbolt.ci.aws.labshare.org, on the CI server.

Start Auth with Passbolt

Once these env files have been set up, make sure you have Docker running.

  • Run the following command in your terminal to start Auth with Passbolt. It will set up Auth DB, Passbolt, Passbolt DB and Auth Passbolt.

    npm run up:passbolt

  • Run Auth DB migrate

    npm run migrate

  • Register Admin account and save private key

    • Run this command in your terminal
        $ docker exec <yourpassboltdockercontainername> su -m -c "bin/cake \
                                        passbolt register_user \
                                        -u <your@email.com> \
                                        -f <yourname> \
                                        -l <surname> \
                                        -r admin" -s /bin/sh www-data

It will output a link similar to the one below, which you can paste into the browser to finalize user registration:

https://localhost:80/setup/install/1eafab88-a17d-4ad8-97af-77a97f5ff552/f097be64-3703-41e2-8ea2-d59cbe1c15bc

  • Click the link and finish the setup steps
  • Note the passphrase for this admin user; you will use it to configure Auth
  • Download passbolt-recovery-kit.txt after signup, rename it to private_user_key.asc and put it in the Auth root directory
  • Keep that private key; it is required when you need to recover your account

  • Update local.json

    • enabled: set true to use Passbolt
    • server.baseUrl: the url of your Passbolt site, local is http://localhost:80
    • server.email: you don’t need to change this for now; use passbolt@yourdomain.com
    • admin.passphrase: the passphrase you set at the registration step
        "passbolt": {
            "enabled": true,
            "server": {
                "baseUrl": "http://localhost:80",
                "email": "passbolt@yourdomain.com"
            },
            "admin": {
                "passphrase": "your passphrase same when you set at register step",
                "email": "your@email.com"
            }
        }

Start Auth

Run npm start. While the auth service is starting, you will see logs showing the public key and private key being imported automatically, like this:

Importing private key logs

gpg: key 2D3415CBEBCBFBF6: "yourname surname <your@email.com>>" not changed
gpg: key 2D3415CBEBCBFBF6: secret key imported
gpg: Total number processed: 1
gpg:              unchanged: 1
gpg:       secret keys read: 1
gpg:  secret keys unchanged: 1

Importing public key logs


1 attempt to connect http://localhost:80/auth/verify.json and import public key
gpg: key 1A314C9F1051685B: "Passbolt default user <passbolt@yourdomain.com>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

If you don’t see these logs, check whether your Passbolt site is up, or check that your private key is under the Auth folder.
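
A preflight check for the settings above, as an added example (not part of the Auth code base): it validates the passbolt block of local.json and the private_user_key.asc file before npm start. The function names, the local.json path argument and the owner-only permission rule are assumptions of this example.

```javascript
// Added example, not Auth's own code: preflight check for the Passbolt settings.
// Function names and the owner-only permission rule are assumptions of this sketch.
const PLACEHOLDER = 'your passphrase same when you set at register step';

// Pure check: returns a list of problems (an empty list means nothing was found).
function checkPassboltSetup({ config, keyText, keyMode }) {
  const problems = [];
  const pb = (config && config.passbolt) || {};
  if (pb.enabled !== true) problems.push('passbolt.enabled is not true');

  let url = null;
  try { url = new URL((pb.server || {}).baseUrl); } catch (e) { /* reported below */ }
  if (!url) {
    problems.push('passbolt.server.baseUrl is missing or not a URL');
  } else if (url.protocol !== 'https:' && !['localhost', '127.0.0.1'].includes(url.hostname)) {
    problems.push('passbolt.server.baseUrl uses plain HTTP for a non-local host');
  }

  const admin = pb.admin || {};
  if (!admin.email) problems.push('passbolt.admin.email is empty');
  if (!admin.passphrase || admin.passphrase === PLACEHOLDER) {
    problems.push('passbolt.admin.passphrase is empty or still the sample text');
  }

  if (typeof keyText !== 'string') {
    problems.push('private_user_key.asc not found in the Auth root directory');
  } else if (!keyText.includes('-----BEGIN PGP PRIVATE KEY BLOCK-----') ||
             !keyText.includes('-----END PGP PRIVATE KEY BLOCK-----')) {
    problems.push('private_user_key.asc is not an armored PGP private key');
  } else if (typeof keyMode === 'number' && (keyMode & 0o077) !== 0) {
    problems.push('private_user_key.asc is readable by group/others (chmod 600)');
  }
  return problems;
}

// Disk wrapper: reads local.json and the key file, then runs the check.
function checkPassboltSetupFromDisk(authRoot, localJsonPath) {
  const fs = require('fs');
  const path = require('path');
  const keyPath = path.join(authRoot, 'private_user_key.asc');
  const config = JSON.parse(fs.readFileSync(localJsonPath, 'utf8'));
  const hasKey = fs.existsSync(keyPath);
  return checkPassboltSetup({
    config,
    keyText: hasKey ? fs.readFileSync(keyPath, 'utf8') : undefined,
    keyMode: hasKey && process.platform !== 'win32' ? fs.statSync(keyPath).mode : undefined,
  });
}
```

Call checkPassboltSetupFromDisk with the Auth root directory and the path to your local.json; each returned string names one setting to fix.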

Integration Test

Run npm run test:passbolt