Self hosted Passbolt Architecture. Is this safe?


Love the product!

So I have installed Passbolt on my primary site on a VM, which is accessible only via VPN (+ self-signed SSL). I have the same setup on the secondary site (Raspberry Pi ESXi VM Ubuntu), where I have copied the keys, and I copy the database hourly from the primary to the secondary site.

Connection from the primary to the secondary site is via IPsec. My question is: is this the best solution, or should I do something different?


Hi @rkkotnik, welcome to the forum!

You haven’t specifically said what your objective is. Are you just trying to achieve a site backup?

Why does one site need to access the other?

Hi, Thanks!

So I have all of my stuff (web, mail, Keycloak, …) in Active-Passive mode HA. If the primary site is down, I still need to access passwords on my Passbolt somehow, so for now I can VPN to my DR site and access my drpassbolt instance. Access between sites is done, so the data is being transferred, monitoring, etc.

My question, regarding Passbolt, is whether this is the way to be redundant, or is there any other suggestion?

It seems like a good setup to me as automatic exporting of passwords is not provided as a turnkey option.