How do I deploy Passbolt CE on Railway?

You can deploy Passbolt CE on Railway by clicking the "Deploy Now" button on this page. Railway will automatically set up all the necessary services and configurations for you.

What are the system requirements?

Railway handles all the infrastructure requirements. You only need a web browser to deploy and manage your application.

Is this template free to use?

Yes, this template is free to use within your existing Railway account.

Can I customize this template?

Yes, you can fully customize this template. After deployment, you will have full control of what you've deployed in your Railway project.

How do I get support for this template?

You can get support through our community forum: passbolt-ce-6723c222, or click "Get template help" for this template for more assistance.

Deploy and Host Passbolt CE on Railway

Passbolt is a hybrid credential platform. It is built-first for modern IT teams, yet simple enough for everyone. A sovereign, battle-tested solution that delivers for a team of 5, or an organisation of 5000.

About Hosting Passbolt CE

⚠️ This is not a one click deploy ⚠️

You will have to SSH to the server using Railway CLI

Common Use Cases

Team password management
TOTP sharing
Folder based access control

Dependencies for Passbolt CE Hosting

Maria DB (pre-installed by template)
An SMTP server (you won't be able to login without it)
Connecting to the container via SSH

Post Deploy Setup

ℹ Below are mandatory one time setup after deploying the template:

Open a terminal, make sure you have the Railway CLI installed (run railway login if needed)
Let Passbolt instance start, right click on it in Railway and select Copy SSH Command.
Paste the terminal command from last step and press enter

You should now have a terminal session to your railway container, command invite should show root@abcdefxxx:/usr/share/php/passbolt#

Obtain and set GPG key fingerprint

Paste the following command, this will output your GPG key fingerprint gpg --homedir /var/lib/passbolt/.gnupg --list-keys --with-colons | grep fpr | head -1 | cut -d: -f10
Copy the 40-character fingerprint
Add environment variable: PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=

Set up SMTP server variable:

Pick your favorite email service provider then set the following environment variables: EMAIL_TRANSPORT_DEFAULT_HOST EMAIL_TRANSPORT_DEFAULT_PORT EMAIL_TRANSPORT_DEFAULT_USERNAME EMAIL_TRANSPORT_DEFAULT_PASSWORD

ℹ️ Logging in requires receiving a sign up link via email. You will not be able to login without it.

⚠️ == Restart your Railway container to apply the new EMAIL and GPG env variables == ⚠️

Create first admin user

SHH to the container as explained in previous steps.

Run the following command:

su -m -c "/usr/share/php/passbolt/bin/cake passbolt register_user \
  -u YOUR_EMAIL \
  -f YOUR_NAME \
  -l YOUR_LASTNAME \
  -r admin" -s /bin/sh www-data

Replace:

YOUR_EMAIL - Your email address
YOUR_NAME - Your first name
YOUR_LASTNAME - Your last name

Debug and healthchecks

Optionnally you can run the following command (via SSH):

su -s /bin/bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck" www-data

The FORCE TLS issue is expected, Railway reverse proxy is handling https.

Deployment Dependencies

Related resources:

Why Deploy Passbolt CE on Railway?

Railway is a singular platform to deploy your infrastructure stack. Railway will host your infrastructure so you don't have to deal with configuration, while allowing you to vertically and horizontally scale it.

By deploying Passbolt CE on Railway, you are one step closer to supporting a complete full-stack application with minimal burden. Host your servers, databases, AI agents, and more on Railway.