I have passbolt installed in a docker container. It is working perfectly, having no issues at all; however, I wanted to store my custom settings in passbolt.php (at the moment I have them in environment variables).
I created a copy from passbolt.default.php and customized it with my own data (email address, password, etc.)
I surely do something wrong because when passbolt.php is in its place then I get error messages on the login page about server key, and when I delete the file (i.e. let passbolt get the data from environment variables) then it works again.
I suppose the problem is in this part:
'passbolt' => [
    // GPG Configuration.
    // The keyring must to be owned and accessible by the webserver user.
    // Example: www-data user on Debian
    'gpg' => [
        // Tell GPG where to find the keyring.
        // If putenv is set to false, gnupg will use the default path ~/.gnupg.
        // For example :
        // - Apache on Centos it would be in '/usr/share/httpd/.gnupg'
        // - Apache on Debian it would be in '/var/www/.gnupg'
        // - Nginx on Centos it would be in '/var/lib/nginx/.gnupg'
        // - etc.
        //'keyring' => getenv("HOME") . DS . '.gnupg',
        //
        // Replace GNUPGHOME with above value even if it is set.
        //'putenv' => false,
        // Main server key.
        'serverKey' => [
            // Server private key fingerprint.
            'fingerprint' => '1928F83938AE44E27BA0F4D3AEAE396260D12172',
            'public' => CONFIG . DS . 'gpg' . DS . 'serverkey.asc',
            'private' => CONFIG . DS . 'gpg' . DS . 'serverkey_private.asc',
        ],
    ],
],
I have serverkey.asc and serverkey_private.asc persisted outside of the container.
I was not exactly sure what data to put in ‘fingerprint’. On the list of environment variables of the docker container there is a variable called “GPG_KEYS”, and as a value there are two keys there (separated with a space), it is 2x 40 letters long. Which one shall I use as ‘fingerprint’? The first 40 letters or the second 40 letters? Or all the 80 letters? With or without space between them?
Anyway, I tried all these versions but it didn’t help, so I’m not sure if this is the key I need to copy here.
Also I’m not perfectly sure about serverkey.asc and serverkey_private.asc. Is it okay just to put the file name here without the complete path? (They are in /var/www/passbolt/config/gpg in the docker and they are persisted outside of the docker.)
Thanks a lot in advance for your help!