I have passbolt installed in a docker container. It is working perfectly, having no issues at all, however I wanted to store my custom settings in passbolt.php (at the moment I have them in environment variables).
I created a copy from passbolt.default.php and customized it with my own data (email address, password, etc.)
I am surely doing something wrong, because when passbolt.php is in its place I get error messages on the login page about the server key, and when I delete the file (i.e. let passbolt get the data from environment variables) it works again.
I suppose the problem is in this part:
```php
'passbolt' => [
    // GPG Configuration.
    // The keyring must be owned and accessible by the webserver user.
    // Example: www-data user on Debian
    'gpg' => [
        // Tell GPG where to find the keyring.
        // If putenv is set to false, gnupg will use the default path ~/.gnupg.
        // For example :
        // - Apache on Centos it would be in '/usr/share/httpd/.gnupg'
        // - Apache on Debian it would be in '/var/www/.gnupg'
        // - Nginx on Centos it would be in '/var/lib/nginx/.gnupg'
        // - etc.
        //'keyring' => getenv("HOME") . DS . '.gnupg',
        //
        // Replace GNUPGHOME with above value even if it is set.
        //'putenv' => false,

        // Main server key.
        'serverKey' => [
            // Server private key fingerprint.
            'fingerprint' => '1928F83938AE44E27BA0F4D3AEAE396260D12172',
            'public' => CONFIG . DS . 'gpg' . DS . 'serverkey.asc',
            'private' => CONFIG . DS . 'gpg' . DS . 'serverkey_private.asc',
        ],
    ],
],
```
I have serverkey.asc and serverkey_private.asc persisted outside of the container.
I was not exactly sure what data to put in ‘fingerprint’. On the list of environment variables of the docker container there is a variable called “GPG_KEYS”, and as a value there are two keys there (separated with a space), it is 2x 40 letters long. Which one shall I use as ‘fingerprint’? The first 40 letters or the second 40 letters? Or all the 80 letters? With or without space between them?
Anyway, I tried all these versions but it didn’t help, so I’m not sure if this is the key I need to copy here.
Also I’m not perfectly sure about serverkey.asc and serverkey_private.asc. Is it okay just to put the file name here without the complete path? (They are in /var/www/passbolt/config/gpg in the docker and they are persisted outside of the docker.)
Thanks a lot in advance for your help!
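
For the fingerprint question in the post above, one way to take the value from the server key file itself and compare it with what is configured in passbolt.php. This is an added example, not part of the original post and not passbolt's own tooling. The function names and the sample `gpg --with-colons` output are constructed for illustration, and a 40-hex-character (OpenPGP v4) fingerprint is assumed.

```shell
#!/bin/sh
# Compare the 'fingerprint' value configured in passbolt.php with the
# primary-key fingerprint reported by gpg for the server key file.

# Constructed sample of `gpg --show-keys --with-colons` output (not a real key).
sample_colons() {
cat <<'EOF'
pub:-:3072:1:89ABCDEF01234567:1600000000:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1600000000::0000000000000000000000000000000000000000::Constructed Server <admin@example.test>::::::::::0:
sub:-:3072:1:FEDCBA9876543210:1600000000::::::e::::::23:
fpr:::::::::76543210FEDCBA9876543210FEDCBA9876543210:
EOF
}

# The first "fpr" record follows the "pub" record and belongs to the primary
# key; field 10 holds the fingerprint. Later "fpr" records are subkeys.
primary_fpr() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Strip spaces and uppercase a configured value; fail unless the result is
# exactly 40 hex characters (so two fingerprints pasted together are rejected).
normalise_fpr() {
    local v
    v=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    case "$v" in
        *[!0-9A-F]*) return 1 ;;
    esac
    [ "${#v}" -eq 40 ] || return 1
    printf '%s\n' "$v"
}

# $1 = configured fingerprint, stdin = colon-format key listing.
# Returns 0 on match, 1 on mismatch, 2 if $1 is not a single fingerprint.
fpr_matches() {
    local want got
    want=$(normalise_fpr "$1") || return 2
    got=$(primary_fpr)
    [ -n "$got" ] && [ "$want" = "$got" ]
}

# Real use: sh check_fpr.sh <configured-fingerprint> <path/to/serverkey.asc>
if [ "$#" -eq 2 ]; then
    if gpg --show-keys --with-colons "$2" | fpr_matches "$1"; then
        echo "fingerprint matches key file"
    else
        echo "fingerprint does NOT match key file"
    fi
fi
```

Run it once against serverkey.asc and once against serverkey_private.asc, as the webserver user inside the container. That checks both files against the configured value and confirms that user can read them.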