Automated offline decryption of passbolt secrets (LAB)

Hi everyone! :wave:

In my spare time, I’ve been working on a project aimed at helping admins access their Passbolt passwords offline, especially for disaster recovery scenarios. I’ve seen a few threads here and had conversations with others who were wondering how to export passwords directly from the database. However, when the conversation shifts to SQL queries, GPG, and security measures, many feel uncomfortable or simply don’t have the bandwidth to investigate.

This project simplifies that process by offering a way to export passwords using SQL backups without needing a deep dive into encryption or complex security setups. It’s designed more as a lab or proof-of-concept to show what’s possible rather than a full-fledged tool for everyday use.

:warning: Important Disclaimer

Although I work at Passbolt, this is an independent project not officially associated with Passbolt. Use it at your own risk! While the Docker containers aren’t persisted, this doesn’t ensure 100% security. It’s important to note that using this tool does not follow passbolt regular threat model, so it should only be seen as an experiment to understand how things work behind the scenes rather than a main CLI or a secure way to decrypt passwords through SQL exports.

For more detailed steps, you can take a look at the README.

Looking forward to your feedback and thoughts! :vulcan_salute:

7 Likes