# passbolt/passbolt_api

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/passbolt-passbolt-api).**

5,974 stars · 383 forks · PHP · AGPL-3.0

## Links

- GitHub: https://github.com/passbolt/passbolt_api
- Homepage: https://passbolt.com
- awesome-repositories: https://awesome-repositories.com/repository/passbolt-passbolt-api.md

## Topics

`cakephp` `cakephp5` `credentials` `passbolt` `password` `password-manager` `php` `productivity` `security`

## Description

Passbolt is an open-source, self-hosted password manager designed for teams. It provides a centralized, encrypted vault where organizations can store, share, and manage credentials securely. The server exposes a JSON REST API that authenticates requests using either GPGAuth or JWT tokens, and all secrets are protected with OpenPGP end-to-end encryption, ensuring the server never has access to plaintext passwords.

The platform distinguishes itself through a comprehensive role-based access control system that governs resource sharing and administrative actions. Teams can organize users into groups, share passwords and folders with granular permissions, and audit credential access. Administrators have dedicated tools to configure security policies, manage user accounts, and oversee the workspace. The server also supports multi-factor authentication and metadata version migration for evolving data structures.

Beyond core password management, the API enables programmatic vault management through high-level and low-level endpoints. Users can tag resources, manage favorites, and organize passwords into folders. The system tracks credential access for accountability and provides health check diagnostics for monitoring.

The server can be deployed on private infrastructure using Docker Compose, Kubernetes via Helm charts, or directly on various Linux distributions including Ubuntu, Debian, CentOS, AlmaLinux, Red Hat, and openSUSE. An interactive command-line configuration wizard guides administrators through initial setup, database configuration, and creation of the first admin user.

## Tags

### Part of an Awesome List

- [Password Vaults](https://awesome-repositories.com/f/awesome-lists/security/password-vaults.md) — Stores all team passwords in a single, encrypted vault accessible from a central server. ([source](https://cdn.jsdelivr.net/gh/passbolt/passbolt_api@master/README.md))
- [Metadata Migrations](https://awesome-repositories.com/f/awesome-lists/data/data-integration-and-import/version-to-version-migrations/metadata-migrations.md) — Migrates resource metadata between schema versions to support evolving data structures.

### Security & Cryptography

- [OpenPGP Encryptions](https://awesome-repositories.com/f/security-cryptography/end-to-end-encryption/openpgp-encryptions.md) — Encrypts all secrets client-side using OpenPGP keys so the server never sees plaintext passwords.
- [Team Credential Vaults](https://awesome-repositories.com/f/security-cryptography/identity-access-management/credential-lifecycle-management/credential-security/credential-sharing/team-credential-vaults.md) — Provides a shared, encrypted vault for teams to store and manage credentials with user permissions.
- [Team Password Manager APIs](https://awesome-repositories.com/f/security-cryptography/security/cryptography-and-secrets/secrets-credential-management/password-managers/encrypted-password-management/team-password-manager-apis.md) — A platform that enables teams to securely share passwords and secrets with controlled user and group permissions.
- [Controlled Password Sharing](https://awesome-repositories.com/f/security-cryptography/domain-access-restrictions/request-access-restrictions/password-access-restrictions/password-masking/controlled-password-sharing.md) — Enables team members to share passwords with controlled access and permissions. ([source](https://passbolt.com/docs/))
- [Encrypted Storage Vaults](https://awesome-repositories.com/f/security-cryptography/encrypted-storage-vaults.md) — Centralizes credentials in a shared vault with end-to-end encryption for secure team management. ([source](https://cdn.jsdelivr.net/gh/passbolt/passbolt_api@master/README.md))
- [End-to-End Encryption](https://awesome-repositories.com/f/security-cryptography/end-to-end-encryption.md) — Distributes passwords and secrets using end-to-end encryption so only intended recipients can read them. ([source](https://cdn.jsdelivr.net/gh/passbolt/passbolt_api@master/README.md))
- [GPG Authentication Protocols](https://awesome-repositories.com/f/security-cryptography/gpg-key-management/gpg-authentication-protocols.md) — Authenticates API requests using a GPG challenge-response protocol.
- [Access Control Policies](https://awesome-repositories.com/f/security-cryptography/identity-access-management/access-control/access-control-models/permission-based-security/access-control-policies.md) — Sets role-based permissions and workspace-level controls to restrict user actions within the vault. ([source](https://passbolt.com/docs/))
- [API Request Authentication](https://awesome-repositories.com/f/security-cryptography/identity-access-management/authentication-strategies/machine-and-protocol-identity/api-machine-authentication/api-request-authentication.md) — Authenticates all API requests using GPGAuth or JWT tokens for secure programmatic vault access.
- [Credential Sharing](https://awesome-repositories.com/f/security-cryptography/identity-access-management/credential-lifecycle-management/credential-security/credential-sharing.md) — Shares passwords and secrets with specific users or groups, controlling who can view or modify them. ([source](https://help.passbolt.com/faq/security/code-review))
- [Self-Hosted Password Managers](https://awesome-repositories.com/f/security-cryptography/identity-access-management/credential-lifecycle-management/self-hosted-password-managers.md) — Provides a self-hosted backend server for encrypted storage and synchronization of team credentials.
- [User Management](https://awesome-repositories.com/f/security-cryptography/identity-access-management/identity-management/user-management.md) — Creates and manages user entities that interact with the application. ([source](https://passbolt.com/docs/api/))
- [User Account Management](https://awesome-repositories.com/f/security-cryptography/identity-and-access-management/user-account-management.md) — Configures user accounts, roles, and permissions within the admin workspace to control access. ([source](https://passbolt.com/docs/admin/))
- [Encrypted Credential Storage](https://awesome-repositories.com/f/security-cryptography/local-first-privacy-tools/encrypted-credential-storage.md) — Stores passwords and secrets in an encrypted vault so only authorized users can access them. ([source](https://help.passbolt.com/faq/security/code-review))
- [Organizational Vault Administration](https://awesome-repositories.com/f/security-cryptography/organizational-vault-administration.md) — Ships administrative tools for enforcing policies and controlling shared items within the organizational vault. ([source](https://help.passbolt.com/faq/security/code-review))
- [Password Management](https://awesome-repositories.com/f/security-cryptography/password-management.md) — Stores and shares passwords securely within an organization for collaborative credential management. ([source](https://help.passbolt.com/faq/security/code-review))
- [Permission-Based Access Control](https://awesome-repositories.com/f/security-cryptography/permission-based-access-control.md) — Assigns roles and workspace access to define who can view, edit, or share each password entry. ([source](https://passbolt.com/docs/))
- [Role-Based Access Control](https://awesome-repositories.com/f/security-cryptography/role-based-access-control.md) — Restricts resource access and administrative actions based on assigned user roles and permissions.
- [Secure Secret Sharing](https://awesome-repositories.com/f/security-cryptography/secure-secret-sharing.md) — Stores and organizes passwords in a secure vault accessible only by authorized team members. ([source](https://passbolt.com/docs/))
- [JWT Authentications](https://awesome-repositories.com/f/security-cryptography/token-authentication/jwt-authentications.md) — Authenticates API requests using signed JSON Web Tokens as a modern alternative to GPG-based auth.
- [GPG Authentications](https://awesome-repositories.com/f/security-cryptography/token-authentication/jwt-authentications/gpg-authentications.md) — Authenticates API requests using the GPGAuth protocol for secure programmatic access.
- [User Access Controls](https://awesome-repositories.com/f/security-cryptography/user-access-controls.md) — Manages user invitations, roles, and permissions to control access to the password vault. ([source](https://passbolt.com/docs/))
- [User Access Management](https://awesome-repositories.com/f/security-cryptography/user-access-management.md) — Administrators invite users, assign roles, and configure security settings to enforce organizational policies. ([source](https://help.passbolt.com/faq/security/code-review))
- [GPGAuth Protocols](https://awesome-repositories.com/f/security-cryptography/authentication-protocols/gpgauth-protocols.md) — Authenticates API requests using the legacy GPGAuth protocol for backward compatibility. ([source](https://passbolt.com/docs/api/))
- [Multi-Factor Authentication](https://awesome-repositories.com/f/security-cryptography/multi-factor-authentication.md) — Validates authentication for users who have multi-factor authentication enabled. ([source](https://passbolt.com/docs/api/))
- [Public Key Retrieval](https://awesome-repositories.com/f/security-cryptography/public-key-authentication/public-key-retrieval.md) — Retrieves stored public OpenPGP keys needed for encryption between server and clients. ([source](https://passbolt.com/docs/api/))
- [User Password Administration](https://awesome-repositories.com/f/security-cryptography/secure-randomizers/password-generators/user-password-administration.md) — Centralizes and organizes passwords for individual users within a team environment. ([source](https://passbolt.com/docs/))
- [Security Configurations](https://awesome-repositories.com/f/security-cryptography/security-configurations.md) — Adjusts security policies and interface preferences to align with organizational requirements. ([source](https://help.passbolt.com/faq/security/code-review))
- [Security Policy Management](https://awesome-repositories.com/f/security-cryptography/security-policy-controllers/security-policy-management.md) — Adjusts security settings and user interface options to enforce organizational policies on the instance. ([source](https://help.passbolt.com/faq/security/code-review))

### Business & Productivity Software

- [Permissioned Resource Sharings](https://awesome-repositories.com/f/business-productivity-software/permissioned-sharing-links/permissioned-resource-sharings.md) — Shares resources and folders with users using an exhaustive permission system. ([source](https://passbolt.com/docs/api/))
- [User Group Management](https://awesome-repositories.com/f/business-productivity-software/user-group-management.md) — Organizes users into logical groups to simplify sharing resources. ([source](https://passbolt.com/docs/api/))
- [Workspace Administration](https://awesome-repositories.com/f/business-productivity-software/workspace-administration.md) — Provides administrators with tools to manage users, groups, and permissions across the organization. ([source](https://passbolt.com/docs/))

### Development Tools & Productivity

- [REST API Integrations](https://awesome-repositories.com/f/development-tools-productivity/rest-api-integrations.md) — Provides a full REST API for authenticating, managing resources, and sharing vault items. ([source](https://passbolt.com/docs/))
- [Debian Packages](https://awesome-repositories.com/f/development-tools-productivity/debian-packages.md) — Ships a Debian package repository and command-line installation guide for the server. ([source](https://www.passbolt.com/ce/debian))

### DevOps & Infrastructure

- [Docker Compose Deployments](https://awesome-repositories.com/f/devops-infrastructure/container-orchestration/container-runtimes/runtime-configuration-interfaces/docker-socket-orchestrators/docker-target-configurators/docker-container-deployments/docker-compose-deployments.md) — Packages the entire server stack as a Docker Compose file for reproducible multi-service deployment. ([source](https://www.passbolt.com/ce/docker))
- [Self-Hosted Infrastructure Management](https://awesome-repositories.com/f/devops-infrastructure/deployment-management/self-hosted-infrastructure-management.md) — Provides installation and update procedures for running the password manager on private infrastructure. ([source](https://passbolt.com/docs/))
- [Self-Hosted Deployments](https://awesome-repositories.com/f/devops-infrastructure/self-hosted-deployments.md) — Installs the password manager on private servers using Docker, Kubernetes, or Linux distributions for full data control. ([source](https://cdn.jsdelivr.net/gh/passbolt/passbolt_api@master/README.md))
- [Docker Deployments](https://awesome-repositories.com/f/devops-infrastructure/self-hosted-deployments/docker-deployments.md) — Runs the password manager backend in a Docker container for quick and consistent server setup. ([source](https://www.passbolt.com/ce/docker))
- [Self-Hosted Server Platforms](https://awesome-repositories.com/f/devops-infrastructure/self-hosted-server-platforms.md) — Installs and updates the backend server on your own infrastructure to keep full control of password data. ([source](https://passbolt.com/docs/hosting/))
- [AWS EC2 Deployments](https://awesome-repositories.com/f/devops-infrastructure/aws-ecs-deployments/aws-ec2-deployments.md) — Provides a deployment guide for installing the password manager on AWS EC2 instances. ([source](https://www.passbolt.com/ce/aws))
- [Cloud Deployment](https://awesome-repositories.com/f/devops-infrastructure/cloud-deployment.md) — Provides deployment instructions for major cloud platforms using pre-configured images or marketplace offerings. ([source](https://www.passbolt.com/ce/aws))
- [CentOS Distributions](https://awesome-repositories.com/f/devops-infrastructure/deployment-management/deployment-strategies/native-deployment-methods/centos-distributions.md) — Ships a native installation guide for CentOS using package manager and command-line steps. ([source](https://www.passbolt.com/ce/centos))
- [Manual Server Installations](https://awesome-repositories.com/f/devops-infrastructure/deployment-management/self-hosted-infrastructure-management/manual-server-installations.md) — Provides a step-by-step manual installation guide for setting up the server from scratch. ([source](https://www.passbolt.com/ce/digitalocean))
- [Helm Chart Deployment](https://awesome-repositories.com/f/devops-infrastructure/helm-chart-management/helm-chart-deployment.md) — Installs the application on a Kubernetes cluster using a Helm chart from the official repository. ([source](https://www.passbolt.com/ce/kubernetes))
- [Administration Interfaces](https://awesome-repositories.com/f/devops-infrastructure/self-hosted-instances/administration-interfaces.md) — Provides an administrative interface to configure security settings, user access, and organizational policies. ([source](https://help.passbolt.com/faq/security/code-review))

### Networking & Communication

- [High-Level API Interfaces](https://awesome-repositories.com/f/networking-communication/low-level-api-interfaces/high-level-api-interfaces.md) — Exposes both high-level and low-level REST endpoints for programmatic vault management. ([source](https://passbolt.com/docs/))

### System Administration & Monitoring

- [User Account Administration](https://awesome-repositories.com/f/system-administration-monitoring/user-account-administration.md) — Manages user roles, permissions, and workspace settings through a dedicated administrative interface. ([source](https://passbolt.com/docs/))
- [Credential Access Monitoring](https://awesome-repositories.com/f/system-administration-monitoring/activity-monitors/credential-access-monitoring.md) — Tracks and logs user interactions with stored credentials to enforce accountability and compliance. ([source](https://cdn.jsdelivr.net/gh/passbolt/passbolt_api@master/README.md))
- [Health Checks](https://awesome-repositories.com/f/system-administration-monitoring/health-checks.md) — Provides a diagnostic endpoint for collecting health check data about the server instance. ([source](https://passbolt.com/docs/api/))

### Web Development

- [JSON APIs](https://awesome-repositories.com/f/web-development/json-apis.md) — Exposes all vault operations as stateless HTTP endpoints returning JSON responses.

### User Interface & Experience

- [Password Folder Organizers](https://awesome-repositories.com/f/user-interface-experience/links/folder-based-organization/password-folder-organizers.md) — Groups passwords into folders for bulk sharing and organization. ([source](https://passbolt.com/docs/api/))
