Docker gpg keys

[x ] I have read intro post: About the Installation Issues category
[x ] I have read the tutorials, help and searched for similar issues
[x ] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[x ] I describe the steps I have taken to trouble shoot the problem
[x] I describe the steps on how to reproduce the issue


Back again still having key and DB issues in the docker container.

So created a gpg key with rsa and rsa, 2048, no expiry, no passphrase, real name www-data

I exported the keys and mounted the volume on the docker run to /var/www/passbolt/config/gpg.

I went into the container and did the following:

chmod 777 /var/www/passbolt/config/gpg/
chmod 777 /var/www/passbolt/config/gpg/serverkey.asc
chmod 777 /var/www/passbolt/config/gpg/serverkey_private.asc
chown www-data:www-data serverkey_private.asc serverkey.asc
mkdir /var/www/.gnupg
chown www-data:www-data /var/www/.gnupg
su -s /bin/bash www-data
gpg --home /var/www/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private.asc

When I list keys I get the default passbolt user not the imported key and I get the following on the healthcheck.

[FAIL] The server key fingerprint doesn’t match the one defined in config/passbolt.php.
[HELP] Double check the key fingerprint, example:
[HELP] sudo su -s /bin/bash -c “gpg --list-keys --fingerprint --home /home/www-data/.gnupg” www-data | grep -i -B 2 ‘SERVER_KEY_EMAIL’
[HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
[HELP] See.

I imported the key again under the www-data user to /home/www-data/.gnupg and when I list I see both keys but I get the same on error on the healthcheck. I get errors on db commands because of this and the login page gives not authorized and an internal error.A At this point there is no passbolt.php just the passbolt.default.php.

Thanks Mark

Hi Mark,

I think you could be affected by this issue


Thanks the healthcheck is showing passed with that command string.

But the database is in the following state:


[PASS] The application is able to connect to the database
[PASS] 1 tables found
[FAIL] No default content found
[HELP] Run the install script to set the default content such as roles and permission types
[HELP] sudo su -s /bin/bash -c “/var/www/passbolt/bin/cake passbolt install” www-data
[FAIL] The database schema is not up to date.
[HELP] Run the migration scripts:
[HELP] sudo su -s /bin/bash -c “/var/www/passbolt/bin/cake migrations migrate --no-lock” www-data
[HELP] See.

Running su -s /bin/bash -c “/var/www/passbolt/bin/cake passbolt install” www-data gives:

Running baseline checks, please wait…
The GnuPG config for the server is not available or incomplete
Please run ./bin/cake passbolt healthcheck for more information and help.

I noticed that passbolt.default.php doesn’t have the DB settings from the run string so I populated them manually but still there is no change in output.

Thanks Mark

Hi Mark!

Glad to see it worked. The database migration commands will also need to access the fingerprint. Have you test with:

su -s /bin/bash -c "source /etc/environment; /var/www/passbolt/bin/cake migrations migrate --no-lock" www-data

Same for the passbolt install command.

Thanks I did try but didn’t quite get it right. I’m a python network guy learning linux fast. I see where I’m going wrong. Looks like have a mariadb version issue. Seems the latest for mariadb and passbolt are no longer compatible. I’ve tried lining up dates on releases to try and figure out what the likely version is.

PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ‘-db COLLATE utf8mb4_unicode_ci’ at line 1 in /var/www/passbolt/vendor/robmorgan/phinx/src/Phinx/Db/Adapter/PdoAdapter.php:168

Thanks Mark

Which version of mariadb are you using?


Sorry missed it off looks as those the latest version docker container is 10.4.11.

Hi Mark,

I can’t reproduce I have been using the docker-compose we provide tried installing with mariadb 10.3 and then upgrading to 10.4.

Actually I just realized you are using docker and running migraitons by hand… The container runs migrations on the start if it detects there are tables present on the database you are using.


I think that part of the process is failing as the arguements in the docker string aren’t being populated into the container. As I mentioned there is no passbolt.php just passbolt.default.php which is largely unpopulated. I seem to be doing way too much config to say this is a docker container :slight_smile:

Thanks Mark

Yeah by default the passbolt.php is not present in the container. The idea is to configure passbolt without passbolt.php using environment variables when using docker containers.

You can still create your own pasbolt.php and mount it on the container so you don’t need any env variable.


Where I can mount the /var/www/passbolt/config/gpg directory fine I cannot mount /var/www/passbolt/config. The container bombs out.

–mount type=bind,source=/home/ec2-user/passbolt_gnupg,target=/var/www/passbolt/config/gpg is ok
–mount type=bind,source=/home/ec2-user/config,target=/var/www/passbolt/config bombs out, even I do the following it fails.
–mount type=bind,source=/home/ec2-user/passbolt_gnupg,target=/var/www/passbolt/config

Why aren’t the environment variables from the install guide not working? I use the string given and when in the container I issue a printenv and non of the variables are there. Am I wasting my time with this container? I’ve managed to get other products working fine without much trouble. Even the mariadb container works perfectly fine without any intervention. It is getting to the point where I should use an alternative product.

Thanks Mark

Hi Mark,

You are trying to mount a directory (/var/www/passbolt/config) that contains many files. What you want to do is to mount a file: /var/www/passbolt/config/passbolt.php

Please could you provide the name of the environment variables that are not working for you?

Sorry to hear you are having such a bad experience with Passbolt. We crafted this container to require minimal setup on your side however it could be the case that you are in a edge case we haven’t think about. If that is the case please feel free to file a bug report on our github repository.
If you are trying to test Passbolt container it would be easier to use the docker-compose we provide. This docker-compose stack should work out of the box with minimal changes (such as the url) without having to worry about what is happening under the hood.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.