Performance-scaling issues with many passwords and per-group permissions

Hello all,

I’m evaluating CE for use with our team and am running into scaling issues.
I have a docker passbolt set up and running without issue and I’ve imported our passwords from our current manager, in kdbx format.

The main feature we’re looking for is per-folder permissions, so we can consolidate multiple password databases in one instance, yet restrict team members to what they should have access to.

We’re currently sitting on 3 top level folders, say teamA, teamB and teamC and have created 4 groups : Admins, teamA, teamB and teamC.
Admins group is the owner on all 3 top level folders and each folder is shared to the corresponding teamX group as “can edit”.

We set up some of the admin accounts first for testing with only one of the top level foldres, which was fine, but we’re seeing that with an especially big folder, with > 5000 entries, we can’t really add members to their group. Whenever we add a single member and the “Updating group” window, which seems to go over every single item and update permissions. However, half the time it get’s stuck in various phases (during decryption, syncronizing keyring), and even when it seemingly works it takes impossibly too long.

The question here is : are we using passbolt wrong? Is managing permissions for 5k items outside of it’s capabilities? Any tips on improving this?

We are facing the same problem, when adding a new member to the group, or changing some permission, it simply hangs when it is decrypting, we have already changed servers, with more memory and CPU resources, imagining that it could be something related to this, but unfortunately the problem persists, did you have any solution in this case?

Yeah, actually we did fix this but forgot to post it here.

Issue appears to be an NginX client_max_body_size limitation, so we changed it to 0 in /etc/nginx/sites-enabled/nginx-passbolt.conf.

We’re using the docker version so we’re now bind-mounting a fixed copy of nginx-passbolt.conf to the container. Not sure if “hard-copying” this file will affect future versions, so YMMV.