Web-based, multi-user, secure password safe with delegated access controls.
This is a fork of the original webpasswordsafe created by Josh Drummond. It was created to make this awesome web application as easy to build and use as possible.
- Rich web application based on GWT and GXT
- Multi language support (i18n)
- Secure password hashing algorithm for database storage
- Fulltext search for password data
- Password history
- Brute force protection by blocking the IP address of the attacker
- Permissions for passwords based on users and groups
- LDAP integration for user and groups
- Detailled reports (users, groups, password access, password expiration, password permissions, ...)
- RESTful web service interface for 3rd party applications
- Manual installation instructions can be found here
The Web Password safe docker image is based on Debian Jessie, Oracle JDK 8 and Apache Tomcat 7.
This password safe docker image contains the following software components:
For data storage you will need a relational database. At the moment, these databases are supported:
Both tomcat http ports are exposed:
- 8080 (http)
- 8443 (https)
When you start the password safe container, you can adjust the configuration by passing one or more environment variables on the docker run
command line:
- The passphrase for jasypt encryptor
- Please specify a strong password here
- You will not be able to retrieve old passwords when you change it after initial configuration
- Default value:
w3bp@$$w0rd$@f3k3y
- The database type to use
- Possible values:
hsqldb
,mysql
,postgresql
- Default value:
hsqldb
- The database hostname or ip address as string
- Default value:
$MYSQL_PORT_3306_TCP_ADDR
orwebpasswordsafe-mysql
- The database port as a numeric value
- Default value:
$MYSQL_PORT_3306_TCP_PORT
or3306
- The database name as string
- Default value:
$MYSQL_ENV_MYSQL_DATABASE
orwebpasswordsafe
- The database user as string
- Default value:
$MYSQL_ENV_MYSQL_USER
orwebpasswordsafe
- The database password as string
- Default value:
$MYSQL_ENV_MYSQL_PASSWORD
ormy-password
- Run password safe container in foreground with this command:
docker run --rm -p 8080:8080 -p 8443:8443 chrisipa/webpasswordsafe
-
Make sure that your mysql database server allows external access
-
Create a database with name
webpasswordsafe
and allow userwebpasswordsafe
to access it -
Run the password safe container with the following command:
docker run --name webpasswordsafe-tomcat -d -p 8080:8080 -p 8443:8443 -e PASSPHRASE=my-passphrase -e DB_TYPE=mysql -e DB_HOST=192.168.0.1 -e DB_PASS=my-password chrisipa/webpasswordsafe
- Run mysql container with this command:
docker run --name webpasswordsafe-mysql -d -e MYSQL_ROOT_PASSWORD=my-root-password -e MYSQL_DATABASE=webpasswordsafe -e MYSQL_USER=webpasswordsafe -e MYSQL_PASSWORD=my-password -v /opt/docker/webpasswordsafe/mysql:/var/lib/mysql mysql:latest
- Run password safe container by linking to the newly created mysql container:
docker run --name webpasswordsafe-tomcat --link webpasswordsafe-mysql:mysql -d -p 8080:8080 -p 8443:8443 -e PASSPHRASE=my-passphrase -e DB_TYPE=mysql chrisipa/webpasswordsafe
- Create docker compose file
docker-compose.yml
with your configuration data:
mysql:
image: mysql
volumes:
- /opt/docker/webpasswordsafe/mysql:/var/lib/mysql
environment:
- MYSQL_ROOT_PASSWORD=my-root-password
- MYSQL_DATABASE=webpasswordsafe
- MYSQL_USER=webpasswordsafe
- MYSQL_PASSWORD=my-password
tomcat:
image: chrisipa/webpasswordsafe
links:
- mysql:mysql
ports:
- 8080:8080
- 8443:8443
environment:
- DB_TYPE=mysql
- PASSPHRASE=my-passphrase
- Run docker containers with docker compose:
docker-compose up -d
See parent image: chrisipa/tomcat
See parent image: chrisipa/jdk
- Access the GWT version of the password safe to configure your settings (default username: admin, default password: admin) https://localhost:8443/webpasswordsafe