Public Repository

Last pushed: 24 days ago
Short Description
Web-based, multi-user, secure password safe with delegated access controls.
Full Description

Web Password Safe

Web-based, multi-user, secure password safe with delegated access controls.


This is a fork of the original webpasswordsafe created by Josh Drummond.
It was created to make this awesome web application as easy to build and use as possible.


  • Rich web application based on GWT and GXT
  • Multi language support (i18n)
  • Secure password hashing algorithm for database storage
  • Fulltext search for password data
  • Password history
  • Brute force protection by blocking the IP address of the attacker
  • Permissions for passwords based on users and groups
  • LDAP integration for user and groups
  • Detailled reports (users, groups, password access, password expiration, password permissions, ...)
  • RESTful web service interface for 3rd party applications


  • Manual installation instructions can be found here


The Web Password safe docker image is based on Debian Jessie, Oracle JDK 8 and Apache Tomcat 7.


This password safe docker image contains the following software components:

For data storage you will need a relational database. At the moment, these databases are supported:


Both tomcat http ports are exposed:

  • 8080 (http)
  • 8443 (https)

How to run the container

Environment variables

When you start the password safe container, you can adjust the configuration by passing one or more environment variables on the docker run command line:


  • The passphrase for jasypt encryptor
  • Please specify a strong password here
  • You will not be able to retrieve old passwords when you change it after initial configuration
  • Default value: w3bp@$$w0rd$@f3k3y


  • The database type to use
  • Possible values: hsqldb, mysql, postgresql
  • Default value: hsqldb


  • The database hostname or ip address as string
  • Default value: $MYSQL_PORT_3306_TCP_ADDR or webpasswordsafe-mysql


  • The database port as a numeric value
  • Default value: $MYSQL_PORT_3306_TCP_PORT or 3306


  • The database name as string
  • Default value: $MYSQL_ENV_MYSQL_DATABASE or webpasswordsafe


  • The database user as string
  • Default value: $MYSQL_ENV_MYSQL_USER or webpasswordsafe


  • The database password as string
  • Default value: $MYSQL_ENV_MYSQL_PASSWORD or my-password

Using docker

Example 1: Evaluation usage without persistent data storage

  • Run password safe container in foreground with this command:
    docker run --rm -p 8080:8080 -p 8443:8443 chrisipa/webpasswordsafe

Example 2: MySQL server on external host with default port

  1. Make sure that your mysql database server allows external access

  2. Create a database with name webpasswordsafe and allow user webpasswordsafe to access it

  3. Run the password safe container with the following command:

    docker run --name webpasswordsafe-tomcat -d -p 8080:8080 -p 8443:8443 -e PASSPHRASE=my-passphrase -e DB_TYPE=mysql -e DB_HOST= -e DB_PASS=my-password chrisipa/webpasswordsafe

Example 3: MySQL server as docker container on the same docker host

  1. Run mysql container with this command:

    docker run --name webpasswordsafe-mysql -d -e MYSQL_ROOT_PASSWORD=my-root-password -e MYSQL_DATABASE=webpasswordsafe -e MYSQL_USER=webpasswordsafe -e MYSQL_PASSWORD=my-password -v /opt/docker/webpasswordsafe/mysql:/var/lib/mysql mysql:latest
  2. Run password safe container by linking to the newly created mysql container:

    docker run --name webpasswordsafe-tomcat --link webpasswordsafe-mysql:mysql -d -p 8080:8080 -p 8443:8443 -e PASSPHRASE=my-passphrase -e DB_TYPE=mysql chrisipa/webpasswordsafe

Example 4: Running docker containers with compose

  1. Create docker compose file docker-compose.yml with your configuration data:

     image: mysql
       - /opt/docker/webpasswordsafe/mysql:/var/lib/mysql
       - MYSQL_ROOT_PASSWORD=my-root-password
       - MYSQL_DATABASE=webpasswordsafe
       - MYSQL_USER=webpasswordsafe
       - MYSQL_PASSWORD=my-password
     image: chrisipa/webpasswordsafe
       - mysql:mysql
       - 8080:8080
       - 8443:8443
       - DB_TYPE=mysql
       - PASSPHRASE=my-passphrase
  2. Run docker containers with docker compose:

    docker-compose up -d

Advanced topics

Use your own SSL certificates

See parent image: chrisipa/tomcat

Accept self signed SSL certificates from Jenkins JRE

See parent image: chrisipa/jdk


  1. Access the GWT version of the password safe to configure your settings (default username: admin, default password: admin) https://localhost:8443/webpasswordsafe
Docker Pull Command