Public Repository

Last pushed: 5 months ago
Short Description
Web-based, multi-user, secure password safe with delegated access controls.
Full Description

Web Password Safe


Web-based, multi-user, secure password safe with delegated access controls.

Overview

This is a fork of the original webpasswordsafe created by Josh Drummond.
It was created to make this awesome web application as easy to build and use as possible.

Features

  • Rich web application based on GWT and GXT
  • Multi language support (i18n)
  • Secure password hashing algorithm for database storage
  • Fulltext search for password data
  • Password history
  • Brute force protection by blocking the IP address of the attacker
  • Permissions for passwords based on users and groups
  • LDAP integration for user and groups
  • Detailled reports (users, groups, password access, password expiration, password permissions, ...)
  • RESTful web service interface for 3rd party applications

Installation

  • Manual installation instructions can be found here

Docker

The Web Password safe docker image is based on Debian Jessie, Oracle JDK 8 and Apache Tomcat 7.

Description

This password safe docker image contains the following software components:

For data storage you will need a relational database. At the moment, these databases are supported:

Ports

Both tomcat http ports are exposed:

  • 8080 (http)
  • 8443 (https)

How to run the container

Environment variables

When you start the password safe container, you can adjust the configuration by passing one or more environment variables on the docker run command line:

PASSPHRASE

  • The passphrase for jasypt encryptor
  • Please specify a strong password here
  • You will not be able to retrieve old passwords when you change it after initial configuration
  • Default value: w3bp@$$w0rd$@f3k3y

DB_TYPE

  • The database type to use
  • Possible values: hsqldb, mysql, postgresql
  • Default value: hsqldb

DB_HOST

  • The database hostname or ip address as string
  • Default value: $MYSQL_PORT_3306_TCP_ADDR or webpasswordsafe-mysql

DB_PORT

  • The database port as a numeric value
  • Default value: $MYSQL_PORT_3306_TCP_PORT or 3306

DB_NAME

  • The database name as string
  • Default value: $MYSQL_ENV_MYSQL_DATABASE or webpasswordsafe

DB_USER

  • The database user as string
  • Default value: $MYSQL_ENV_MYSQL_USER or webpasswordsafe

DB_PASS

  • The database password as string
  • Default value: $MYSQL_ENV_MYSQL_PASSWORD or my-password

Using docker

Example 1: Evaluation usage without persistent data storage

  • Run password safe container in foreground with this command:
    docker run --rm -p 8080:8080 -p 8443:8443 chrisipa/webpasswordsafe
    

Example 2: MySQL server on external host with default port

  1. Make sure that your mysql database server allows external access

  2. Create a database with name webpasswordsafe and allow user webpasswordsafe to access it

  3. Run the password safe container with the following command:

    docker run --name webpasswordsafe-tomcat -d -p 8080:8080 -p 8443:8443 -e PASSPHRASE=my-passphrase -e DB_HOST=192.168.0.1 -e DB_PASS=my-password chrisipa/webpasswordsafe
    

Example 3: MySQL server as docker container on the same docker host

  1. Run mysql container with this command:

    docker run --name webpasswordsafe-mysql -d -e MYSQL_ROOT_PASSWORD=my-root-password -e MYSQL_DATABASE=webpasswordsafe -e MYSQL_USER=webpasswordsafe -e MYSQL_PASSWORD=my-password -v /opt/docker/webpasswordsafe/mysql:/var/lib/mysql mysql:latest
    
  2. Run password safe container by linking to the newly created mysql container:

    docker run --name webpasswordsafe-tomcat --link webpasswordsafe-mysql:mysql -d -p 8080:8080 -p 8443:8443 -e PASSPHRASE=my-passphrase chrisipa/webpasswordsafe
    

Example 4: Running docker containers with compose

  1. Create docker compose file docker-compose.yml with your configuration data:

    mysql:
     image: mysql
     volumes:
       - /opt/docker/webpasswordsafe/mysql:/var/lib/mysql
     environment:
       - MYSQL_ROOT_PASSWORD=my-root-password
       - MYSQL_DATABASE=webpasswordsafe
       - MYSQL_USER=webpasswordsafe
       - MYSQL_PASSWORD=my-password
    
    tomcat:
     image: chrisipa/webpasswordsafe
     links:
       - mysql:mysql
     ports:
       - 8080:8080
       - 8443:8443
     environment:
       - PASSPHRASE=my-passphrase
    
  2. Run docker containers with docker compose:

    docker-compose up -d
    

Advanced topics

Use your own SSL certificates

See parent image: chrisipa/tomcat

Accept self signed SSL certificates from Jenkins JRE

See parent image: chrisipa/jdk

Caveats

  1. Access the GWT version of the password safe to configure your settings (default username: admin, default password: admin) https://localhost:8443/webpasswordsafe
Docker Pull Command
Owner
chrisipa

Comments (0)