Passbolt API is the backend JSON API for Passbolt Community Edition, an open source password manager designed for teams that prioritize security and privacy. It enables organizations to centrally manage and share credentials without relying on third-party cloud services, using end-to-end encryption where users retain control of their encryption keys. Built on CakePHP 5, it’s tailored for DevOps teams, security engineers, and IT administrators who need full control over their secrets infrastructure.
The API supports integration with browser extensions, mobile apps, CLI tools, and desktop clients, and can be deployed natively on Linux distributions, Docker, Kubernetes, AWS, DigitalOcean, and more. It adheres to the GNU AGPLv3 license and is audited annually with public vulnerability reports, making it suitable for regulated environments and air-gapped deployments.
What You Get
- End-to-End Encryption - All passwords and secrets are encrypted client-side using OpenPGP before being stored; only authorized users holding the corresponding private keys can decrypt them, so the server never sees plaintext secrets.
- User-Owned Encryption Keys - Each user generates and controls their own PGP key pair; no server-side key storage or backdoor access is possible.
- RESTful JSON API - Comprehensive API endpoints for managing secrets, groups, permissions, and users, documented for integration with custom tools and automation scripts.
- Role-Based Access Control (RBAC) - Granular permissions for users, groups, and administrators to define who can view, edit, or share credentials.
- Multi-Platform Client Support - Official browser extensions (Chrome, Firefox, Edge), mobile apps (iOS, Android), CLI tool (go-passbolt-cli), and upcoming desktop app for seamless credential access across devices.
- Self-Hosted Deployment Options - Deploy on Ubuntu, Debian, RedHat, CentOS, AlmaLinux, RockyLinux, Fedora, openSUSE, Oracle Linux, Docker, Kubernetes, AWS, DigitalOcean, and Raspberry Pi with official guides.
- Public Security Audits - Annual third-party code audits with full public disclosure of findings and fixes, ensuring transparency and trust in the security model.
- No Telemetry or Data Collection - Passbolt does not collect user behavior data, analytics, or personal information, making it compliant with GDPR and privacy-focused policies.
Common Use Cases
- Securing team credentials in regulated industries - A healthcare IT team uses Passbolt API to store and share login credentials for patient systems, ensuring compliance with HIPAA through end-to-end encryption and audit trails.
- Automating credential rotation in DevOps pipelines - A DevOps engineer integrates the Passbolt API into CI/CD workflows to programmatically fetch and rotate database and API keys without exposing them in plaintext.
- Replacing cloud password managers in air-gapped environments - A government agency deploys Passbolt on-premises to manage internal system credentials without any internet connectivity or third-party dependency.
- Centralizing access for remote engineering teams - A distributed software team uses the Passbolt browser extension and mobile app to securely share SSH keys, API tokens, and SaaS logins across time zones with granular permissions.
Under The Hood
Architecture
- CakePHP 5-based MVC structure with a centralized service container and middleware pipeline that enforces security, versioning, and request normalization in a layered, decoupled manner
- Plugin-based modularity isolates features like RBAC and email digests into self-contained namespaces, enabling extensibility without polluting the core
- Dependency injection via service providers ensures loose coupling and configuration-driven service instantiation
- Healthcheck system uses a consistent interface to validate system integrity across components like authentication and operating system state
- Trait-based query logic in ORM layers reduces duplication while preserving domain-specific encapsulation
- Middleware stack uniformly applies security policies including CSRF, HSTS, and GPG headers before request handling
Tech Stack
- PHP 8.2 backend with CakePHP 5.2, supporting PostgreSQL and MySQL via a robust ORM and migration system
- RESTful API powered by JWT authentication, OpenPGP encryption, and TOTP for multi-factor security
- CI/CD pipeline built on GitLab with Docker, PHPUnit, PHPStan, and code style enforcement
- Frontend assets managed via Grunt and npm, integrating React Router and OpenPGP.js for client-side cryptography
- Internationalization supported through PO files and Crowdin with broad language coverage
Code Quality
- Extensive test coverage across unit, integration, and service layers with factory-based data seeding and clear naming conventions
- Strict typing, comprehensive PHPDoc, and type-hinted signatures ensure code clarity and maintainability
- Consistent error handling with standardized HTTP exceptions and domain-specific validation
- Factory patterns and reusable traits reduce duplication and improve test readability
- Clear, convention-aligned naming for controllers, services, and factories enhances code navigation
What Makes It Unique
- End-to-end encrypted secret storage with client-side OpenPGP validation that eliminates server-side trust in cryptographic keys
- Granular, plugin-aware middleware that enforces role-based access control at the HTTP request level, not just the database
- Built-in email notification system that generates secure, user-specific notifications, with sensitive content redacted, without external dependencies
- Modular OpenPGP service layer abstracts cryptographic operations while enforcing validation rules as testable components
- Self-contained user deletion workflow that triggers resource expiration and group notifications through transactional service dependencies
- Plugin-driven architecture that allows community extensions while preserving security boundaries and core integrity