
Web-based, multi-user, secure password safe with delegated access controls.

Primary Language: Java

Web Password Safe



Overview

This is a fork of the original webpasswordsafe created by Josh Drummond. It was created to make this awesome web application as easy to build and use as possible.

Screenshot

Features

  • Rich web application based on GWT and GXT
  • Multi language support (i18n)
  • Secure password hashing algorithm for database storage
  • Fulltext search for password data
  • Password history
  • Brute force protection by blocking the IP address of the attacker
  • Permissions for passwords based on users and groups
  • LDAP integration for users and groups
  • Detailed reports (users, groups, password access, password expiration, password permissions, ...)
  • RESTful web service interface for 3rd party applications

Installation

  • Manual installation instructions can be found here

Docker

The Web Password Safe Docker image is based on Debian Jessie, Oracle JDK 8 and Apache Tomcat 7.

Description

This password safe docker image contains the following software components:

For data storage you will need a relational database. At the moment, these databases are supported:

Ports

Both tomcat http ports are exposed:

  • 8080 (http)
  • 8443 (https)

How to run the container

Environment variables

When you start the password safe container, you can adjust the configuration by passing one or more environment variables on the docker run command line:

PASSPHRASE

  • The passphrase for the jasypt encryptor
  • Specify a strong passphrase of your own here; the default value below is published in this README
  • If you change it after initial configuration, you will not be able to retrieve previously stored passwords
  • Default value: w3bp@$$w0rd$@f3k3y

DB_TYPE

  • The database type to use
  • Possible values: hsqldb, mysql, postgresql
  • Default value: hsqldb

DB_HOST

  • The database hostname or IP address as string
  • Default value: $MYSQL_PORT_3306_TCP_ADDR or webpasswordsafe-mysql

DB_PORT

  • The database port as a numeric value
  • Default value: $MYSQL_PORT_3306_TCP_PORT or 3306

DB_NAME

  • The database name as string
  • Default value: $MYSQL_ENV_MYSQL_DATABASE or webpasswordsafe

DB_USER

  • The database user as string
  • Default value: $MYSQL_ENV_MYSQL_USER or webpasswordsafe

DB_PASS

  • The database password as string
  • Default value: $MYSQL_ENV_MYSQL_PASSWORD or my-password

Using docker

Example 1: Evaluation usage without persistent data storage

  • Run password safe container in foreground with this command:
    docker run --rm -p 8080:8080 -p 8443:8443 chrisipa/webpasswordsafe
    

Example 2: MySQL server on external host with default port

  1. Make sure that your mysql database server allows external access

  2. Create a database with name webpasswordsafe and allow user webpasswordsafe to access it

  3. Run the password safe container with the following command:

     docker run --name webpasswordsafe-tomcat -d -p 8080:8080 -p 8443:8443 -e PASSPHRASE=my-passphrase -e DB_TYPE=mysql -e DB_HOST=192.168.0.1 -e DB_PASS=my-password chrisipa/webpasswordsafe

Example 3: MySQL server as docker container on the same docker host

  1. Run mysql container with this command:

     docker run --name webpasswordsafe-mysql -d -e MYSQL_ROOT_PASSWORD=my-root-password -e MYSQL_DATABASE=webpasswordsafe -e MYSQL_USER=webpasswordsafe -e MYSQL_PASSWORD=my-password -v /opt/docker/webpasswordsafe/mysql:/var/lib/mysql mysql:latest

  2. Run password safe container by linking to the newly created mysql container:

     docker run --name webpasswordsafe-tomcat --link webpasswordsafe-mysql:mysql -d -p 8080:8080 -p 8443:8443 -e PASSPHRASE=my-passphrase -e DB_TYPE=mysql chrisipa/webpasswordsafe

Example 4: Running docker containers with compose

  1. Create docker compose file docker-compose.yml with your configuration data:

     mysql:
       image: mysql
       volumes:
         - /opt/docker/webpasswordsafe/mysql:/var/lib/mysql
       environment:
         - MYSQL_ROOT_PASSWORD=my-root-password
         - MYSQL_DATABASE=webpasswordsafe
         - MYSQL_USER=webpasswordsafe
         - MYSQL_PASSWORD=my-password

     tomcat:
       image: chrisipa/webpasswordsafe
       links:
         - mysql:mysql
       ports:
         - 8080:8080
         - 8443:8443
       environment:
         - DB_TYPE=mysql
         - PASSPHRASE=my-passphrase

  2. Run docker containers with docker compose:

     docker-compose up -d
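
A pre-flight check for the environment variables documented above, as an added example that is not part of the project: it rejects the values printed in this README (the image's default PASSPHRASE and the my-passphrase / my-password placeholders used in the examples) and writes the remaining settings to an owner-only file for docker run --env-file, which keeps secrets off the command line and out of the shell history. The function names, the 16-character minimum and the requirement of an explicit DB_PASS for external databases are assumptions of this example.

```shell
# Added example, not part of the webpasswordsafe project.
# Values published on this page: the image default and the example placeholders.
KNOWN_PASSPHRASES='w3bp@$$w0rd$@f3k3y my-passphrase'
KNOWN_DB_PASSWORDS='my-password my-root-password'
MIN_LEN=16   # assumption: a local minimum length, not a project requirement

# is_published VALUE LIST: succeeds if VALUE is one of the space-separated items
is_published() {
  for _item in $2; do
    if [ "$1" = "$_item" ]; then return 0; fi
  done
  return 1
}

# check_config: prints one line per problem and returns the number of problems
check_config() {
  _n=0
  if [ -z "${PASSPHRASE:-}" ]; then
    echo "PASSPHRASE unset: the default from the README would be used"; _n=$((_n + 1))
  elif is_published "$PASSPHRASE" "$KNOWN_PASSPHRASES"; then
    echo "PASSPHRASE is a value published in the README"; _n=$((_n + 1))
  elif [ "${#PASSPHRASE}" -lt "$MIN_LEN" ]; then
    echo "PASSPHRASE is shorter than $MIN_LEN characters"; _n=$((_n + 1))
  fi
  case "${DB_TYPE:-hsqldb}" in
    hsqldb) ;;
    mysql|postgresql)   # this example requires an explicit DB_PASS here
      if [ -z "${DB_PASS:-}" ] || is_published "$DB_PASS" "$KNOWN_DB_PASSWORDS"; then
        echo "DB_PASS is unset or a value published in the README"; _n=$((_n + 1))
      fi ;;
    *) echo "DB_TYPE must be hsqldb, mysql or postgresql"; _n=$((_n + 1)) ;;
  esac
  case "${DB_PORT:-3306}" in
    *[!0-9]*) echo "DB_PORT must be numeric"; _n=$((_n + 1)) ;;
  esac
  return "$_n"
}

# write_env_file PATH: writes the variables that are set to PATH (mode 0600)
write_env_file() {
  check_config >&2 || return 1
  ( umask 077
    for _name in PASSPHRASE DB_TYPE DB_HOST DB_PORT DB_NAME DB_USER DB_PASS; do
      eval "_val=\${$_name:-}"
      if [ -n "$_val" ]; then printf '%s=%s\n' "$_name" "$_val"; fi
    done > "$1" )
}
```

With the variables set in the current shell, call write_env_file wps.env (a file name chosen for this example) and start the container with docker run --env-file wps.env in place of the individual -e options.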

Advanced topics

Use your own SSL certificates

See parent image: chrisipa/tomcat

Accept self-signed SSL certificates from Jenkins JRE

See parent image: chrisipa/jdk

Caveats

  1. Access the GWT version of the password safe to configure your settings (default username: admin, default password: admin): https://localhost:8443/webpasswordsafe