Setup Yukibey by ENV_VAR has no effect

I have read intro post: About the Installation Issues category
I have read the tutorials, help and searched for similar issues
I provide relevant information about my server (component names and versions, etc.)
I provide a copy of my logs and healthcheck
I describe the steps I have taken to trouble shoot the problem
I describe the steps on how to reproduce the issue

Hi, I’m using CE version 3.12 which supports Yubikey MFA.

I’ve read and followed this Passbolt Help | How to configure passbolt to use Yubikey OTP

I’m using docker, so I tried the ENV_VAR approach without success.
I’ve tried the Admin UI => it worked ?!

In /app/administration/mfa the “Yubikey” is not / does not stay activated.

There’s nothing in the logs (just, nothing I mean : I see navigations logs, no messages relative to yubikey configuration failing)

here’s an example of what I see - - [09/Jun/2023:07:10:38 +0000] "GET /auth/is-authenticated.json HTTP/1.1" 200 261 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [09/Jun/2023:07:10:38 +0000] "GET /auth/is-authenticated.json HTTP/1.1" 200 261 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" - - [09/Jun/2023:07:10:43 +0000] "GET / HTTP/1.1" 302 5 "-" "ELB-HealthChecker/2.0"

My setup is as follow

  • AWS hosted
  • Docker in ECS
  • a Load Balancer in front of passbolt

in the end it works, but for my setup ENV VAR support would be far better.

Hi @squaloo Since you didn’t mention the variables you used I thought I would post a link to a PR as they are also not currently listed on the passbolt Docker variables page on the help site. I figured you dug into the code but just in case.

We’ll try to reproduce this issue, maybe there is a regression.

Hi @squaloo ,

the documentation might indeed miss one env variable:
is missing.

Setting the env variables as followed worked for me:


Do you confirm? In any case we will update the doc.

I’ve just tried as follow :

  • went in Admin UI, deactivated Yubikey MFA
  • stopped container
  • started it again with the new env var (At the moment I have the 3 you mention above)

=> did not work, Yubikey MFA was still deactivated.

maybe it could be related to the fact that I once used the admin UI, as it has priority over env vars ?
(if you’d like I can check something in DB and see if there’s a configuration remnant, just tell me where)

If you want to check in db, you may find something in organization_settings table.

Great ! indeed, when deactivating with the Admin UI, a record stays in DB (which is perfectly fine), with a ‘modified’ date and no values for yubikey client id / secret.

I removed the line and restarted the container with the 3 env variables … => YubiKey is activated as expected.

Thank you all again.