From f723abe49b870133bdb2e6eb89f9fc117b6c0b41 Mon Sep 17 00:00:00 2001 From: "marc.wuerth" Date: Thu, 31 Jul 2025 16:00:04 +0200 Subject: [PATCH 01/27] Correct spelling of CSV --- docs/user/basic-features/browser/export.mdx | 20 ++++++++++---------- src/components/ImportSteps/ImportSteps.js | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/user/basic-features/browser/export.mdx b/docs/user/basic-features/browser/export.mdx index 125ea376..f2099642 100644 --- a/docs/user/basic-features/browser/export.mdx +++ b/docs/user/basic-features/browser/export.mdx @@ -35,16 +35,16 @@ import Chips from "/src/components/Chips/Chips"; Passbolt export system supports the following file formats: -- Csv - Lastpass export -- Csv - 1password export -- Csv - Keepass export -- Csv - Dashlane export -- Csv - Nordpass export -- Csv - LogMeOnce export -- Csv - BitWarden export -- Csv - Firefox platforms export (Mozilla Firefox, Waterfox, Pale Moon…) -- Csv - Chromium browsers export (Google Chrome, Microsoft Edge, Brave …) -- Csv - Safari +- CSV - Lastpass export +- CSV - 1password export +- CSV - Keepass export +- CSV - Dashlane export +- CSV - Nordpass export +- CSV - LogMeOnce export +- CSV - BitWarden export +- CSV - Firefox platforms export (Mozilla Firefox, Waterfox, Pale Moon…) +- CSV - Chromium browsers export (Google Chrome, Microsoft Edge, Brave …) +- CSV - Safari - Kdbx (file format used by Keepass 2.x, you’ll need to specify a keepass passphrase for the encryption) If you’d like to request the support of a specific format, you can open a request on [the community forum](https://community.passbolt.com/c/backlog). diff --git a/src/components/ImportSteps/ImportSteps.js b/src/components/ImportSteps/ImportSteps.js index 0a2c687b..96721991 100644 --- a/src/components/ImportSteps/ImportSteps.js +++ b/src/components/ImportSteps/ImportSteps.js @@ -4,7 +4,7 @@ const ImportSteps = () => { return (
  1. Click on the “import” button at the top left, next to the “create” button.
    2. -
  2. Select a file (supported files are kdbx or csv. More details below.)
    3. +
  3. Select a file (supported files are kdbx or CSV. More details below.)
  4. Click on “continue import”
  5. For kdbx files, you might need to enter a password. Enter it and click “Ok”.
  6. The import will start. You will see a progress bar.
    7. From ded602cc1e006570faa5f6dfb34e9aece1617ea0 Mon Sep 17 00:00:00 2001 From: "marc.wuerth" Date: Thu, 31 Jul 2025 16:03:01 +0200 Subject: [PATCH 02/27] Correct spelling of KeePass & KeePassXC --- docs/user/basic-features/browser/export.mdx | 4 ++-- .../basic-features/browser/import/keepass-csv/index.mdx | 2 +- .../basic-features/browser/import/keepass-kdbx/index.mdx | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/user/basic-features/browser/export.mdx b/docs/user/basic-features/browser/export.mdx index f2099642..18ec7211 100644 --- a/docs/user/basic-features/browser/export.mdx +++ b/docs/user/basic-features/browser/export.mdx @@ -37,7 +37,7 @@ Passbolt export system supports the following file formats: - CSV - Lastpass export - CSV - 1password export -- CSV - Keepass export +- CSV - KeePass export - CSV - Dashlane export - CSV - Nordpass export - CSV - LogMeOnce export @@ -45,6 +45,6 @@ Passbolt export system supports the following file formats: - CSV - Firefox platforms export (Mozilla Firefox, Waterfox, Pale Moon…) - CSV - Chromium browsers export (Google Chrome, Microsoft Edge, Brave …) - CSV - Safari -- Kdbx (file format used by Keepass 2.x, you’ll need to specify a keepass passphrase for the encryption) +- Kdbx (file format used by KeePass 2.x, you’ll need to specify a KeePass passphrase for the encryption) If you’d like to request the support of a specific format, you can open a request on [the community forum](https://community.passbolt.com/c/backlog). diff --git a/docs/user/basic-features/browser/import/keepass-csv/index.mdx b/docs/user/basic-features/browser/import/keepass-csv/index.mdx index d9a2acef..89cf1714 100644 --- a/docs/user/basic-features/browser/import/keepass-csv/index.mdx +++ b/docs/user/basic-features/browser/import/keepass-csv/index.mdx @@ -1,5 +1,5 @@ --- -title: Keepass (CSV) +title: KeePass (CSV) description: keepass csv resources import --- diff --git a/docs/user/basic-features/browser/import/keepass-kdbx/index.mdx b/docs/user/basic-features/browser/import/keepass-kdbx/index.mdx index 119699ba..feef5483 100644 --- a/docs/user/basic-features/browser/import/keepass-kdbx/index.mdx +++ b/docs/user/basic-features/browser/import/keepass-kdbx/index.mdx @@ -1,5 +1,5 @@ --- -title: Keepass (KDBX) +title: KeePass (KDBX) description: keepass kdbx resources import --- @@ -26,7 +26,7 @@ import Chips from "/src/components/Chips/Chips"; ## Matrix -| | Windows | Keepass XC | Macpass | +| | Windows | KeePassXC | Macpass | |---|---|---|---| | Title | | | | | Username | | | | @@ -38,7 +38,7 @@ import Chips from "/src/components/Chips/Chips"; | Icon | | | | :::warning -Keepass windows totp supported : +KeePass windows totp supported : - TimeOtp-Algorithm - TimeOtp-Length - TimeOtp-Period From 128589d934896b8617f9068f96ee0c452cadec8c Mon Sep 17 00:00:00 2001 From: "marc.wuerth" Date: Thu, 31 Jul 2025 16:05:14 +0200 Subject: [PATCH 03/27] Correct spelling of Microsoft --- docs/admin/authentication/sso/microsoft.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/admin/authentication/sso/microsoft.mdx b/docs/admin/authentication/sso/microsoft.mdx index c1f1c108..7db5a643 100644 --- a/docs/admin/authentication/sso/microsoft.mdx +++ b/docs/admin/authentication/sso/microsoft.mdx @@ -49,7 +49,7 @@ Open both the Entra admin center and Passbolt: You must ensure users are present both in passbolt and Entra ID, the email is used to correlate accounts. -* Users that are not present in Entra ID but are present in passbolt will not be able to use SSO (a message on microsoft side will be shown). +* Users that are not present in Entra ID but are present in passbolt will not be able to use SSO (a message on Microsoft side will be shown). * Users that are not present in passbolt but are present in Entra ID will not be able to login in passbolt (a message on passbolt side will be shown).
    Date: Thu, 31 Jul 2025 16:07:49 +0200 Subject: [PATCH 04/27] Correct spelling of TOTP --- docs/user/basic-features/browser/import/keepass-kdbx/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user/basic-features/browser/import/keepass-kdbx/index.mdx b/docs/user/basic-features/browser/import/keepass-kdbx/index.mdx index feef5483..4cdaff99 100644 --- a/docs/user/basic-features/browser/import/keepass-kdbx/index.mdx +++ b/docs/user/basic-features/browser/import/keepass-kdbx/index.mdx @@ -38,7 +38,7 @@ import Chips from "/src/components/Chips/Chips"; | Icon | | | | :::warning -KeePass windows totp supported : +KeePass windows TOTP supported : - TimeOtp-Algorithm - TimeOtp-Length - TimeOtp-Period From f43022281cd3cab8431cf80574c8859f7c920166 Mon Sep 17 00:00:00 2001 From: "marc.wuerth" Date: Thu, 31 Jul 2025 16:10:04 +0200 Subject: [PATCH 05/27] Correct spelling of Windows --- docs/hosting/troubleshooting/desktop-app.mdx | 8 ++++---- .../basic-features/browser/import/keepass-kdbx/index.mdx | 2 +- docs/user/quickstart/desktop/windows-app.mdx | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/hosting/troubleshooting/desktop-app.mdx b/docs/hosting/troubleshooting/desktop-app.mdx index b8da1b6b..05176f50 100644 --- a/docs/hosting/troubleshooting/desktop-app.mdx +++ b/docs/hosting/troubleshooting/desktop-app.mdx @@ -11,7 +11,7 @@ import Figure from '/src/components/Figure/Figure'; Passbolt Windows Application is something that has been a lot requested from the community, this page is dedicated to troubleshoot the potential errors that can happen throughout the configuration process. ## Account-Kit -The account kit is needed in order to configure the windows application, this can be downloaded from *Profile > Desktop app setup > Download your account kit* +The account kit is needed in order to configure the Windows application, this can be downloaded from *Profile > Desktop app setup > Download your account kit*
    -You may have to manually clear the windows credentials manager. +You may have to manually clear the Windows credentials manager. - Search for "Credentials Manager" - Go to "Web Credentials" diff --git a/docs/user/basic-features/browser/import/keepass-kdbx/index.mdx b/docs/user/basic-features/browser/import/keepass-kdbx/index.mdx index 4cdaff99..5e675904 100644 --- a/docs/user/basic-features/browser/import/keepass-kdbx/index.mdx +++ b/docs/user/basic-features/browser/import/keepass-kdbx/index.mdx @@ -38,7 +38,7 @@ import Chips from "/src/components/Chips/Chips"; | Icon | | | | :::warning -KeePass windows TOTP supported : +KeePass Windows TOTP supported : - TimeOtp-Algorithm - TimeOtp-Length - TimeOtp-Period diff --git a/docs/user/quickstart/desktop/windows-app.mdx b/docs/user/quickstart/desktop/windows-app.mdx index 3838cd20..f42e7a80 100644 --- a/docs/user/quickstart/desktop/windows-app.mdx +++ b/docs/user/quickstart/desktop/windows-app.mdx @@ -77,7 +77,7 @@ Please review this information carefully before proceeding. If you find any disc Once your passphrase is validated, the setup of your account will be complete, and you will be able to access the password workspace. -### How can I reset my windows application +### How can I reset my Windows application To unlink an existing account and set up a new one, first download the current entries from the Credentials Manager. To do this, use the search bar to find `Credential Manager` and select it. From 4814a8686c4fc927c9b9beeda02397603aa34f89 Mon Sep 17 00:00:00 2001 From: "marc.wuerth" Date: Thu, 31 Jul 2025 16:13:24 +0200 Subject: [PATCH 06/27] Correct spelling of Google --- docs/user/faq/disable-built-in-password-manager.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/user/faq/disable-built-in-password-manager.mdx b/docs/user/faq/disable-built-in-password-manager.mdx index 71de5d30..d908433f 100644 --- a/docs/user/faq/disable-built-in-password-manager.mdx +++ b/docs/user/faq/disable-built-in-password-manager.mdx @@ -152,8 +152,8 @@ We will see in this help page how to disable this feature in web browsers and se
    * Tap the setting icon: From 61081cb6465585d2afa2d68ee67b19bba092af98 Mon Sep 17 00:00:00 2001 From: "marc.wuerth" Date: Thu, 31 Jul 2025 16:14:28 +0200 Subject: [PATCH 07/27] Correct spelling of KDBX --- docs/user/basic-features/browser/export.mdx | 2 +- src/components/ImportSteps/ImportSteps.js | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/user/basic-features/browser/export.mdx b/docs/user/basic-features/browser/export.mdx index 18ec7211..b03ba989 100644 --- a/docs/user/basic-features/browser/export.mdx +++ b/docs/user/basic-features/browser/export.mdx @@ -45,6 +45,6 @@ Passbolt export system supports the following file formats: - CSV - Firefox platforms export (Mozilla Firefox, Waterfox, Pale Moon…) - CSV - Chromium browsers export (Google Chrome, Microsoft Edge, Brave …) - CSV - Safari -- Kdbx (file format used by KeePass 2.x, you’ll need to specify a KeePass passphrase for the encryption) +- KDBX (file format used by KeePass 2.x, you’ll need to specify a KeePass passphrase for the encryption) If you’d like to request the support of a specific format, you can open a request on [the community forum](https://community.passbolt.com/c/backlog). diff --git a/src/components/ImportSteps/ImportSteps.js b/src/components/ImportSteps/ImportSteps.js index 96721991..763a3f5e 100644 --- a/src/components/ImportSteps/ImportSteps.js +++ b/src/components/ImportSteps/ImportSteps.js @@ -4,9 +4,9 @@ const ImportSteps = () => { return (
    1. Click on the “import” button at the top left, next to the “create” button.
      2. -
    2. Select a file (supported files are kdbx or CSV. More details below.)
      3. +
    3. Select a file (supported files are KDBX or CSV. More details below.)
    4. Click on “continue import”
      5. -
    5. For kdbx files, you might need to enter a password. Enter it and click “Ok”.
      6. +
    6. For KDBX files, you might need to enter a password. Enter it and click “Ok”.
    7. The import will start. You will see a progress bar.
    8. At the end of the import, you will see a report. After closing this window, you will see the passwords imported in your workspace.
    From 4bde68007da6dc09c9dee6288cc115d7a72fea00 Mon Sep 17 00:00:00 2001 From: "marc.wuerth" Date: Thu, 31 Jul 2025 16:17:50 +0200 Subject: [PATCH 08/27] Correct spelling of LastPass --- data/import-resources.json | 2 +- docs/user/basic-features/browser/export.mdx | 2 +- docs/user/basic-features/browser/import/lastpass/index.mdx | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/data/import-resources.json b/data/import-resources.json index 8681ca34..2723bf09 100644 --- a/data/import-resources.json +++ b/data/import-resources.json @@ -1,6 +1,6 @@ [ { - "name": "Lastpass", + "name": "LastPass", "slug": "lastpass", "logo": "/img/import/lastpass.svg", "formats": ["CSV"] diff --git a/docs/user/basic-features/browser/export.mdx b/docs/user/basic-features/browser/export.mdx index b03ba989..2a3f9f85 100644 --- a/docs/user/basic-features/browser/export.mdx +++ b/docs/user/basic-features/browser/export.mdx @@ -35,7 +35,7 @@ import Chips from "/src/components/Chips/Chips"; Passbolt export system supports the following file formats: -- CSV - Lastpass export +- CSV - LastPass export - CSV - 1password export - CSV - KeePass export - CSV - Dashlane export diff --git a/docs/user/basic-features/browser/import/lastpass/index.mdx b/docs/user/basic-features/browser/import/lastpass/index.mdx index d4ac1b56..2c1e193f 100644 --- a/docs/user/basic-features/browser/import/lastpass/index.mdx +++ b/docs/user/basic-features/browser/import/lastpass/index.mdx @@ -1,5 +1,5 @@ --- -title: Lastpass +title: LastPass description: lastpass resources import --- From 2c9c9e5958ada51a8fa8d4e50f8abec17bc809cb Mon Sep 17 00:00:00 2001 From: "marc.wuerth" Date: Thu, 31 Jul 2025 16:18:16 +0200 Subject: [PATCH 09/27] Correct spelling of 1Password --- docs/user/basic-features/browser/export.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user/basic-features/browser/export.mdx b/docs/user/basic-features/browser/export.mdx index 2a3f9f85..481c3a24 100644 --- a/docs/user/basic-features/browser/export.mdx +++ b/docs/user/basic-features/browser/export.mdx @@ -36,7 +36,7 @@ import Chips from "/src/components/Chips/Chips"; Passbolt export system supports the following file formats: - CSV - LastPass export -- CSV - 1password export +- CSV - 1Password export - CSV - KeePass export - CSV - Dashlane export - CSV - Nordpass export From cb9e45c3e829a5154cae37817d5397b0f44a65a6 Mon Sep 17 00:00:00 2001 From: "marc.wuerth" Date: Thu, 31 Jul 2025 16:18:30 +0200 Subject: [PATCH 10/27] Correct spelling of NordPass --- docs/user/basic-features/browser/export.mdx | 2 +- docs/user/basic-features/browser/import/nordpass/index.mdx | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/user/basic-features/browser/export.mdx b/docs/user/basic-features/browser/export.mdx index 481c3a24..93f023af 100644 --- a/docs/user/basic-features/browser/export.mdx +++ b/docs/user/basic-features/browser/export.mdx @@ -39,7 +39,7 @@ Passbolt export system supports the following file formats: - CSV - 1Password export - CSV - KeePass export - CSV - Dashlane export -- CSV - Nordpass export +- CSV - NordPass export - CSV - LogMeOnce export - CSV - BitWarden export - CSV - Firefox platforms export (Mozilla Firefox, Waterfox, Pale Moon…) diff --git a/docs/user/basic-features/browser/import/nordpass/index.mdx b/docs/user/basic-features/browser/import/nordpass/index.mdx index 46eb6687..60a4e286 100644 --- a/docs/user/basic-features/browser/import/nordpass/index.mdx +++ b/docs/user/basic-features/browser/import/nordpass/index.mdx @@ -1,5 +1,5 @@ --- -title: Nordpass +title: NordPass description: nordpass resources import --- From 5f0e03b08fe02dbfccd73dd12e5a8277dacdb134 Mon Sep 17 00:00:00 2001 From: "marc.wuerth" Date: Thu, 31 Jul 2025 16:18:50 +0200 Subject: [PATCH 11/27] Correct spelling of MacPass --- docs/user/basic-features/browser/import/keepass-kdbx/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user/basic-features/browser/import/keepass-kdbx/index.mdx b/docs/user/basic-features/browser/import/keepass-kdbx/index.mdx index 5e675904..9db5f1f7 100644 --- a/docs/user/basic-features/browser/import/keepass-kdbx/index.mdx +++ b/docs/user/basic-features/browser/import/keepass-kdbx/index.mdx @@ -26,7 +26,7 @@ import Chips from "/src/components/Chips/Chips"; ## Matrix -| | Windows | KeePassXC | Macpass | +| | Windows | KeePassXC | MacPass | |---|---|---|---| | Title | | | | | Username | | | | From 80976e999f162eda130d1597acbfe4cbcfc7a438 Mon Sep 17 00:00:00 2001 From: "marc.wuerth" Date: Thu, 31 Jul 2025 16:22:22 +0200 Subject: [PATCH 12/27] Correct spelling of Passbolt --- docs/admin/authentication/mfa/duo.mdx | 20 ++++++++++---------- docs/admin/authentication/mfa/index.mdx | 2 +- docs/admin/authentication/mfa/totp.mdx | 6 +++--- docs/admin/authentication/mfa/yubikey.mdx | 8 ++++---- 4 files changed, 18 insertions(+), 18 deletions(-) diff --git a/docs/admin/authentication/mfa/duo.mdx b/docs/admin/authentication/mfa/duo.mdx index 9003fc99..069620eb 100644 --- a/docs/admin/authentication/mfa/duo.mdx +++ b/docs/admin/authentication/mfa/duo.mdx @@ -1,5 +1,5 @@ --- -title: How to configure passbolt to use Duo +title: How to configure Passbolt to use Duo sidebar_label: Duo description: How to configure Duo with Passbolt hide_table_of_contents: false @@ -32,7 +32,7 @@ Multi Factor Authentication requires HTTPS to work. When using Duo as a form of multi-factor authentication, it is recommended to set up at least one additional multi-factor authentication method as a backup. Should the Duo service experience downtime, this measure guarantees that users can continue to access their accounts despite the malfunction of one authentication method. -In order to authenticate using Duo, the user will be redirected to Duo’s authentication page. Whether the authentication was successful, the user will be redirected back to passbolt. Make sure your users have access to internet or do not enable this authentication provider if you are running passbolt on a private network that is not connected to internet. +In order to authenticate using Duo, the user will be redirected to Duo’s authentication page. Whether the authentication was successful, the user will be redirected back to Passbolt. Make sure your users have access to internet or do not enable this authentication provider if you are running Passbolt on a private network that is not connected to internet. ## Install Duo app @@ -71,11 +71,11 @@ Click on "Protect an application" then find the "Web SDK" application type in th
    -Note down the "Client ID", "Client secret", and "API hostname" details, as it will be request to you later to configure the Duo integration in passbolt. +Note down the "Client ID", "Client secret", and "API hostname" details, as it will be request to you later to configure the Duo integration in Passbolt. ## Enable Duo access @@ -84,17 +84,17 @@ Duo can be set up through either the administration interface or environment var ### Generate a salt :::info -Required only for passbolt server < 3.11. +Required only for Passbolt server < 3.11. ::: Generating a random salt to configure Duo is mandatory, a salt is a random piece of data that is generated and used in the hashing process to protect sensitive information. It is generated and combined with the secret key before hashing it. -To generate a random salt, you can use the passbolt interface, generate a new password as shown below and use it as the generated salt. +To generate a random salt, you can use the Passbolt interface, generate a new password as shown below and use it as the generated salt.
    @@ -144,7 +144,7 @@ size={{ width: '450px', height: 'auto' }} ## Authenticate with Duo -After setting up Duo, each time you sign-in to Passbolt, you'll be prompted to plug authenticate with the method you have chosen during the setup. Additionally, if permitted by the "Multi-factor Authentication Policy", passbolt can remember your MFA authentication for a month. +After setting up Duo, each time you sign-in to Passbolt, you'll be prompted to plug authenticate with the method you have chosen during the setup. Additionally, if permitted by the "Multi-factor Authentication Policy", Passbolt can remember your MFA authentication for a month.
    Date: Thu, 31 Jul 2025 16:25:33 +0200 Subject: [PATCH 13/27] Correct spelling of YubiKey --- data/mfa-providers.json | 2 +- docs/admin/authentication/mfa/yubikey.mdx | 30 ++++++++++----------- docs/hosting/_configuration/mfa/yubikey.mdx | 2 +- static/img/mfa-providers/yubikey.svg | 4 +-- 4 files changed, 19 insertions(+), 19 deletions(-) diff --git a/data/mfa-providers.json b/data/mfa-providers.json index 046a7fd3..3ec58ac4 100644 --- a/data/mfa-providers.json +++ b/data/mfa-providers.json @@ -5,7 +5,7 @@ "logo": "/img/mfa-providers/duo.svg" }, { - "name": "Yubikey", + "name": "YubiKey", "slug": "yubikey", "logo": "/img/mfa-providers/yubikey.svg" }, diff --git a/docs/admin/authentication/mfa/yubikey.mdx b/docs/admin/authentication/mfa/yubikey.mdx index fba17cfe..93b25d5f 100644 --- a/docs/admin/authentication/mfa/yubikey.mdx +++ b/docs/admin/authentication/mfa/yubikey.mdx @@ -1,6 +1,6 @@ --- -title: How to configure Passbolt to use Yubikey -sidebar_label: Yubikey +title: How to configure Passbolt to use YubiKey +sidebar_label: YubiKey description: How to configure YubiKey with Passbolt hide_table_of_contents: false --- @@ -14,18 +14,18 @@ import Chips from "/src/components/Chips/Chips"; Cloud -Passbolt Pro Edition since v2.5 and CE since v3.9 support Yubikeys and more precisely Yubico OTP as a multi factor authentication option. +Passbolt Pro Edition since v2.5 and CE since v3.9 support YubiKeys and more precisely Yubico OTP as a multi factor authentication option. Yubico OTP is a simple authentication mechanism that is supported by all YubiKeys out of the box and it can be used in addition to another authentication method (such as username and password).
    :::important -Please note than only [Yubikey 5 Series](https://www.yubico.com/products/yubikey-5-overview/) are supported. [Security Keys](https://www.yubico.com/products/security-key/) with FIDO2/U2F/WebAuthN support are currently not supported. +Please note than only [YubiKey 5 Series](https://www.yubico.com/products/yubikey-5-overview/) are supported. [Security Keys](https://www.yubico.com/products/security-key/) with FIDO2/U2F/WebAuthN support are currently not supported. ::: :::important Multi Factor Authentication requires HTTPS to work. @@ -33,7 +33,7 @@ Multi Factor Authentication requires HTTPS to work. ## Security considerations -When using Yubikey as a form of multi-factor authentication, it is recommended to set up at least one additional multi-factor authentication method as a backup. Should users lose their Yubikeys, this measure guarantees that users can continue to access their accounts despite the malfunction of one authentication method. +When using YubiKey as a form of multi-factor authentication, it is recommended to set up at least one additional multi-factor authentication method as a backup. Should users lose their YubiKeys, this measure guarantees that users can continue to access their accounts despite the malfunction of one authentication method. Another key point to consider is that Passbolt verifies whether the key ID used during a login attempt matches the one used at setup. If a user needs to change their key, the second factor must be disabled in advance, either by the user in their User Profile or by an administrator in the Users workspace, especially if the device is lost. @@ -41,7 +41,7 @@ Another key point to consider is that Passbolt verifies whether the key ID used In order to use YubiKey to authenticate to Passbolt you first need get an API key for YubiCloud, Yubico’s web service for verifying one time passwords (OTPs). -Navigate to [upgrade.yubico.com](https://upgrade.yubico.com/getapikey) and signup to the service using your email and your Yubikey. +Navigate to [upgrade.yubico.com](https://upgrade.yubico.com/getapikey) and signup to the service using your email and your YubiKey. Please note that it is no longer possible to [host yourself the OTP validation server](https://support.yubico.com/hc/en-us/articles/360021227000-YK-VAL-YK-KSM-and-YubiHSM-1-End-of-Life). @@ -53,7 +53,7 @@ Please note that it is no longer possible to [host yourself the OTP validation s ## Allow connections to YubiCloud -To authenticate with Yubikey, Passbolt will establish a connection with the YubiCloud service. Make sure that the Passbolt server allows outgoing connections to the following domains: +To authenticate with YubiKey, Passbolt will establish a connection with the YubiCloud service. Make sure that the Passbolt server allows outgoing connections to the following domains: - api.yubico.com - api2.yubico.com @@ -63,11 +63,11 @@ To authenticate with Yubikey, Passbolt will establish a connection with the Yubi Please note that one or more of these domains may be used to try to validate an OTP. -## Enable Yubikey access +## Enable YubiKey access -Yubikey can be set up through either the administration interface or environment variables. Should both settings providers be utilized, the configurations made in the administration interface will take precedence over those specified by environment variables. +YubiKey can be set up through either the administration interface or environment variables. Should both settings providers be utilized, the configurations made in the administration interface will take precedence over those specified by environment variables. -### Enable Yubikey access via the interface +### Enable YubiKey access via the interface To enable YubiKey via the interface, navigate to the multi-factor authentication administration page: *Administration > Multi Factor Authentication*. @@ -79,7 +79,7 @@ Subsequently, enable the "YubiKey" provider by moving the adjacent toggle to the caption="fig. Enable YubiKey in administration settings" /> -### Enable Yubikey access via environment variables +### Enable YubiKey access via environment variables If you are [using docker](/hosting/install/ce/docker/), you can set these environment variables to enable YubiKey for your organization. @@ -96,8 +96,8 @@ The next step will require you to plug your YubiKey and touch it to release a Yu
    ## Authenticate with YubiKey diff --git a/docs/hosting/_configuration/mfa/yubikey.mdx b/docs/hosting/_configuration/mfa/yubikey.mdx index ab46db50..3753d275 100644 --- a/docs/hosting/_configuration/mfa/yubikey.mdx +++ b/docs/hosting/_configuration/mfa/yubikey.mdx @@ -1,5 +1,5 @@ --- -title: Yubikey +title: YubiKey # description: slug: yubikey --- diff --git a/static/img/mfa-providers/yubikey.svg b/static/img/mfa-providers/yubikey.svg index c33c7c3e..4fd47ce2 100644 --- a/static/img/mfa-providers/yubikey.svg +++ b/static/img/mfa-providers/yubikey.svg @@ -1,7 +1,7 @@ - yubikey + YubiKey Created with Sketch. @@ -10,4 +10,4 @@ - \ No newline at end of file + From 017434ca8a7b658e2d30994ff8b8cf9427cf1fe2 Mon Sep 17 00:00:00 2001 From: "marc.wuerth" Date: Thu, 31 Jul 2025 17:05:40 +0200 Subject: [PATCH 14/27] Correct spelling of GPG --- docs/admin/authentication/account-recovery.mdx | 2 +- docs/hosting/_includes/fromSource/_installation-steps.mdx | 2 +- docs/hosting/_includes/helm/_helm-install-usage.mdx | 2 +- docs/hosting/faq/how-to-rotate-server-gpg-keys.mdx | 2 +- docs/hosting/troubleshooting/logs.mdx | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/admin/authentication/account-recovery.mdx b/docs/admin/authentication/account-recovery.mdx index 2a6b81d1..3d931b32 100644 --- a/docs/admin/authentication/account-recovery.mdx +++ b/docs/admin/authentication/account-recovery.mdx @@ -78,7 +78,7 @@ size={{ width: '450px', height: 'auto' }} In order to be accepted, the organisation key should meet these requirements: -- The key should be public gpg key +- The key should be public GPG key - The key should use the algorithm RSA - The key should have a length of 4096 bits - The key should have a passphrase diff --git a/docs/hosting/_includes/fromSource/_installation-steps.mdx b/docs/hosting/_includes/fromSource/_installation-steps.mdx index 222a3fc9..f0d8dc6d 100644 --- a/docs/hosting/_includes/fromSource/_installation-steps.mdx +++ b/docs/hosting/_includes/fromSource/_installation-steps.mdx @@ -82,7 +82,7 @@ $ gpg --armor --export-secret-keys email@domain.tld > /var/www/passbolt/config/g $ gpg --armor --export email@domain.tld > /var/www/passbolt/config/gpg/serverkey.asc ``` -### 5. Initialize the gpg keyring +### 5. Initialize the GPG keyring You no longer need to be connected as www-data from now. In order for passbolt authentication to work your server key needs to be in the keyring used by the web server. diff --git a/docs/hosting/_includes/helm/_helm-install-usage.mdx b/docs/hosting/_includes/helm/_helm-install-usage.mdx index 447f46b0..62ffe8e8 100644 --- a/docs/hosting/_includes/helm/_helm-install-usage.mdx +++ b/docs/hosting/_includes/helm/_helm-install-usage.mdx @@ -36,7 +36,7 @@ Update this variable with the server name you plan to use. You will find at the <>{props.productName === 'PRO' && } -If you are creating your own gpg keys the following commands can help convert them into a base64 encoded single line string which is what the values.yaml file expects. +If you are creating your own GPG keys the following commands can help convert them into a base64 encoded single line string which is what the values.yaml file expects. ```bash gpg --armor --export-secret-keys | base64 -w 0 diff --git a/docs/hosting/faq/how-to-rotate-server-gpg-keys.mdx b/docs/hosting/faq/how-to-rotate-server-gpg-keys.mdx index 6ebfe6cd..873ea17e 100644 --- a/docs/hosting/faq/how-to-rotate-server-gpg-keys.mdx +++ b/docs/hosting/faq/how-to-rotate-server-gpg-keys.mdx @@ -65,7 +65,7 @@ Ensure the fingerprint from private key is the same: sudo gpg --show-keys /etc/passbolt/gpg/serverkey_private.asc | grep -Ev "^(pub|sub|uid|$|sec|ssb)" | tr -d ' ' ``` -CentOS 7 gpg command is quite old and has no `–show-keys` parameter. Use these commands instead: +CentOS 7 `gpg` command is quite old and has no `–show-keys` parameter. Use these commands instead: ```bash # public key fingerprint sudo cat /etc/passbolt/gpg/serverkey.asc | gpg --with-fingerprint - | grep -Ev "^(pub|sub|uid|$)" | tr -d ' ' | sed 's/Keyfingerprint=//' diff --git a/docs/hosting/troubleshooting/logs.mdx b/docs/hosting/troubleshooting/logs.mdx index 958b625f..995fec9b 100644 --- a/docs/hosting/troubleshooting/logs.mdx +++ b/docs/hosting/troubleshooting/logs.mdx @@ -48,7 +48,7 @@ The healthcheck is used to check whether the Passbolt system is running as expec ### Datacheck -The datacheck is a great tool as it aims to have a look at the data integrity for gpg keys, authentication tokens, groups, resources, etc. +The datacheck is a great tool as it aims to have a look at the data integrity for GPG keys, authentication tokens, groups, resources, etc. **Package Installation** ```bash From ff4040b6e549f018f653bdfd412d2677c29e0d63 Mon Sep 17 00:00:00 2001 From: "marc.wuerth" Date: Thu, 31 Jul 2025 17:45:23 +0200 Subject: [PATCH 15/27] Correct spelling of Passbolt And some format auto-fixes. --- README.md | 4 +- .../_includes/sso/email-matching-warning.mdx | 2 +- .../admin/authentication/account-recovery.mdx | 4 +- docs/admin/authentication/sso/google.mdx | 2 +- docs/admin/authentication/sso/microsoft.mdx | 16 +-- docs/admin/emails/email-notifications.mdx | 12 +- .../emails/email-server/google/index.mdx | 2 +- docs/admin/emails/email-server/index.mdx | 2 +- docs/admin/faq/disable-MFA.mdx | 2 +- .../enable-disable-import-export-plugins.mdx | 2 +- docs/admin/faq/generate-openpgp-key.mdx | 2 +- docs/admin/index.mdx | 4 +- docs/admin/role-based-access-control.mdx | 6 +- .../passbolt-api-status.mdx | 26 ++-- docs/admin/user-provisioning/delete-user.mdx | 2 +- .../admin/user-provisioning/manage-groups.mdx | 4 +- .../roles-and-permissions.mdx | 8 +- .../advanced-directory-options.mdx | 114 +++++++++--------- .../users-directory/directory-options.mdx | 16 +-- .../users-directory/index.mdx | 54 ++++----- docs/contribute/security/bug-bounty.mdx | 12 +- docs/contribute/security/vulnerability.mdx | 12 +- docs/contribute/translation.mdx | 42 +++---- docs/contribute/translator/externalize.mdx | 26 ++-- docs/contribute/translator/proofread.mdx | 12 +- docs/development/authentication.mdx | 6 +- docs/development/getting-started.mdx | 28 ++--- docs/development/index.mdx | 6 +- .../_configuration/ssl/auto/_aws-ce.mdx | 6 +- .../_configuration/ssl/auto/_aws-pro.mdx | 6 +- docs/hosting/_configuration/ssl/auto/aws.mdx | 8 +- .../_includes/ansible/_user-registration.mdx | 6 +- .../_includes/backup/_prerequisites.mdx | 4 +- .../hosting/_includes/backup/_secret-keys.mdx | 4 +- .../docker/_docker-compose-usage.mdx | 6 +- .../fromSource/_installation-steps.mdx | 16 +-- .../fromSource/_introduction-from-source.mdx | 4 +- .../fromSource/_system-requirements.mdx | 2 +- .../_includes/helm/_helm-install-usage.mdx | 2 +- .../_includes/https/auto-common-images.mdx | 6 +- docs/hosting/_includes/https/deb-auto.mdx | 6 +- docs/hosting/_includes/https/deb-manual.mdx | 20 +-- docs/hosting/_includes/https/docker-auto.mdx | 10 +- .../hosting/_includes/https/docker-manual.mdx | 6 +- .../hosting/_includes/https/nginx-success.mdx | 4 +- .../https/preinstalled-reconfigure-common.mdx | 8 +- docs/hosting/_includes/https/rpm-manual.mdx | 6 +- .../migrate/docker/_prerequisites.mdx | 8 +- .../_includes/migrate/migration-data.mdx | 6 +- .../migrate/migration-requirements.mdx | 4 +- .../_includes/migrate/migration-setup.mdx | 2 +- .../migrate/scripts/_copy-configuration.mdx | 6 +- .../_migrate-from-script-to-package.mdx | 4 +- docs/hosting/_includes/ova/_setup.mdx | 6 +- .../package/_aws-ami-installation.mdx | 2 +- .../_configure-debian-package-mariadb.mdx | 20 +-- .../package/_configure-rpm-package.mdx | 16 +-- .../package/_digital-ocean-installation.mdx | 14 +-- .../_includes/package/_update-process.mdx | 4 +- .../_includes/package/_upgrade-process.mdx | 12 +- .../_includes/warning/_apt-mysql-warning.mdx | 4 +- .../warning/_subdirectory-https-warning.mdx | 4 +- docs/hosting/_includes/wizard/_admin.mdx | 6 +- docs/hosting/_includes/wizard/_server.mdx | 24 ++-- docs/hosting/backup/from-packages.mdx | 2 +- docs/hosting/backup/from-sources.mdx | 2 +- .../database/configure-database/mysql.mdx | 2 +- .../database/configure-database/postgres.mdx | 6 +- .../update-database-credentials/docker.mdx | 2 +- .../configure/environment-reference.mdx | 4 +- docs/hosting/configure/https/ce/aws-auto.mdx | 4 +- .../configure/https/ce/debian-auto.mdx | 4 +- .../configure/https/ce/debian-manual.mdx | 4 +- .../configure/https/ce/digital-ocean-auto.mdx | 4 +- .../configure/https/ce/docker-auto.mdx | 4 +- .../configure/https/ce/docker-manual.mdx | 4 +- .../hosting/configure/https/ce/rpm-manual.mdx | 4 +- docs/hosting/configure/https/pro/aws-auto.mdx | 2 +- .../configure/https/pro/debian-auto.mdx | 2 +- .../configure/https/pro/debian-manual.mdx | 4 +- .../configure/https/pro/docker-auto.mdx | 4 +- .../configure/https/pro/docker-manual.mdx | 4 +- docs/hosting/configure/https/pro/ova-auto.mdx | 4 +- .../configure/https/pro/rpm-manual.mdx | 4 +- docs/hosting/faq/do-you-provide-hosting.mdx | 6 +- docs/hosting/faq/generate-openpgp-key.mdx | 2 +- .../how-can-I-update-my-passbolt-server.mdx | 6 +- .../how-to-generate-jwt-key-pair-manually.mdx | 2 +- ...-ssl-certificate-on-mobile-application.mdx | 2 +- .../faq/how-to-increase-auto-logout-time.mdx | 2 +- ...stall-passbolt-in-non-interactive-mode.mdx | 10 +- .../faq/how-to-install-passbolt-server.mdx | 8 +- .../faq/how-to-make-passbolt-backups.mdx | 6 +- .../faq/how-to-rotate-server-gpg-keys.mdx | 8 +- .../faq/how-to-update-my-subscription-key.mdx | 8 +- .../faq/how-to-use-docker-rootless-images.mdx | 2 +- .../what-are-minimum-server-requirements.mdx | 2 +- .../where-to-get-help-for-install-issues.mdx | 2 +- .../faq/why-I-see-unsafe-mode-banner.mdx | 4 +- docs/hosting/index.mdx | 6 +- docs/hosting/troubleshooting/docker.mdx | 4 +- docs/hosting/troubleshooting/email.mdx | 6 +- docs/hosting/troubleshooting/helm.mdx | 2 +- docs/hosting/troubleshooting/ldap.mdx | 20 +-- docs/hosting/troubleshooting/logs.mdx | 2 +- .../troubleshooting/performance-tweaks.mdx | 2 +- docs/hosting/troubleshooting/ssl-tls.mdx | 18 +-- docs/hosting/update/docker.mdx | 8 +- docs/hosting/update/from-source.mdx | 20 +-- docs/hosting/upgrade/docker.mdx | 12 +- docs/user/advanced-features/tags/index.mdx | 2 +- .../browser/copy-to-clipboard.mdx | 2 +- docs/user/basic-features/browser/export.mdx | 2 +- .../basic-features/browser/import/index.mdx | 2 +- .../basic-features/browser/share-resource.mdx | 2 +- .../faq/disable-built-in-password-manager.mdx | 6 +- docs/user/faq/why-a-browser-extension.mdx | 6 +- docs/user/index.mdx | 6 +- .../introduction/what-is-my-passbolt-url.mdx | 30 ++--- .../why-use-a-password-manager.mdx | 2 +- .../browser/admin-assisted-recovery.mdx | 4 +- docs/user/quickstart/browser/first-setup.mdx | 14 +-- .../browser/setup-on-another-machine.mdx | 8 +- docs/user/quickstart/desktop/windows-app.mdx | 2 +- .../browser/account-recovery-setup.mdx | 4 +- docs/user/settings/browser/change-avatar.mdx | 2 +- .../settings/browser/change-passphrase.mdx | 2 +- docs/user/settings/browser/security-token.mdx | 4 +- openapi/components/schemas/resourceTypes.yml | 4 +- openapi/paths/healthcheckStatus.yml | 2 +- openapi/root.yml | 2 +- src/components/HomepageHero/index.jsx | 8 +- 132 files changed, 527 insertions(+), 529 deletions(-) diff --git a/README.md b/README.md index d506a8d1..ebe6ea94 100644 --- a/README.md +++ b/README.md @@ -36,8 +36,8 @@ Affero General Public License v3. ## About Passbolt help site -This repository contains the code used for the knowledge base and help section of passbolt website. -Find out more about passbolt here: +This repository contains the code used for the knowledge base and help section of Passbolt website. +Find out more about Passbolt here: [https://www.passbolt.com](https://www.passbolt.com "Passbolt Homepage") ## Contributing diff --git a/docs/admin/_includes/sso/email-matching-warning.mdx b/docs/admin/_includes/sso/email-matching-warning.mdx index 564d7545..7a2cb68b 100644 --- a/docs/admin/_includes/sso/email-matching-warning.mdx +++ b/docs/admin/_includes/sso/email-matching-warning.mdx @@ -1,3 +1,3 @@ :::danger -Emails from the SSO provider must match the email from passbolt you are authenticating with. This is to avoid having the possibility to use any accounts from the app registration and bypass the authentication. +Emails from the SSO provider must match the email from Passbolt you are authenticating with. This is to avoid having the possibility to use any accounts from the app registration and bypass the authentication. ::: diff --git a/docs/admin/authentication/account-recovery.mdx b/docs/admin/authentication/account-recovery.mdx index 3d931b32..d4651368 100644 --- a/docs/admin/authentication/account-recovery.mdx +++ b/docs/admin/authentication/account-recovery.mdx @@ -24,7 +24,7 @@ You can follow this procedure if you are meeting the following requirements: ## How does it work? -Account recovery is a feature introduced with passbolt v3.6.0 that as for aim to help users to recover their accounts in +Account recovery is a feature introduced with Passbolt v3.6.0 that as for aim to help users to recover their accounts in case of recovery kit or passphrase loss. Depending on the organisation policy, all users will be able to deposit an encrypted backup of their private keys in @@ -66,7 +66,7 @@ encrypt the escrow of the organisation users private keys. #### Import the organisation key -This method is the recommended one as it will keep your organisation key isolated from passbolt until the moment you +This method is the recommended one as it will keep your organisation key isolated from Passbolt until the moment you need it.
    :::caution[Things to consider] -The Authorized redirect URIs should be the URL given by the passbolt while configuring SSO from administration (https://your-domain.com/app/administration/sso). Google can accept any valid URL in redirect URLs but it might not work with passbolt. +The Authorized redirect URIs should be the URL given by the passbolt while configuring SSO from administration (https://your-domain.com/app/administration/sso). Google can accept any valid URL in redirect URLs but it might not work with Passbolt. ::: ## Configure SSO through the GUI diff --git a/docs/admin/authentication/sso/microsoft.mdx b/docs/admin/authentication/sso/microsoft.mdx index 7db5a643..ab047669 100644 --- a/docs/admin/authentication/sso/microsoft.mdx +++ b/docs/admin/authentication/sso/microsoft.mdx @@ -47,10 +47,10 @@ Open both the Entra admin center and Passbolt: caption="fig. Passbolt administration" /> -You must ensure users are present both in passbolt and Entra ID, the email is used to correlate accounts. +You must ensure users are present both in Passbolt and Entra ID, the email is used to correlate accounts. -* Users that are not present in Entra ID but are present in passbolt will not be able to use SSO (a message on Microsoft side will be shown). -* Users that are not present in passbolt but are present in Entra ID will not be able to login in passbolt (a message on passbolt side will be shown). +* Users that are not present in Entra ID but are present in Passbolt will not be able to use SSO (a message on Microsoft side will be shown). +* Users that are not present in Passbolt but are present in Entra ID will not be able to login in Passbolt (a message on Passbolt side will be shown).
    Overview* from the left panel menu. - * Make sure your user email in Azure Directory matches the one in passbolt -* Copy your Tenant ID (a UUID) and paste it in passbolt + * Make sure your user email in Azure Directory matches the one in Passbolt +* Copy your Tenant ID (a UUID) and paste it in Passbolt * Click on *Add > App registration*
    -In your passbolt instance: +In your Passbolt instance: * Click save settings * A dialog will open with Microsoft button, click on it diff --git a/docs/admin/emails/email-notifications.mdx b/docs/admin/emails/email-notifications.mdx index 9c1de7dc..a5da8f3f 100644 --- a/docs/admin/emails/email-notifications.mdx +++ b/docs/admin/emails/email-notifications.mdx @@ -16,8 +16,8 @@ import Chips from "/src/components/Chips/Chips"; ### How to configure email notification settings for your organization -Some actions in passbolt, such as a user sharing a password with someone else, trigger an email notification. -As passbolt admin, you can control which events result in an email notification and which events are ignored. +Some actions in Passbolt, such as a user sharing a password with someone else, trigger an email notification. +As Passbolt admin, you can control which events result in an email notification and which events are ignored. Similarly you can control whether or not a piece of information is included in those notification emails. ## Passbolt events that trigger email notification @@ -35,7 +35,7 @@ Similarly you can control whether or not a piece of information is included in t When a password is updated. All the users having access to the given password. When a password is deleted. All the users who had access to the given password. When a new user is invited. The invited user. - When users try to recover their passbolt account. The user trying to recover their account. + When users try to recover their Passbolt account. The user trying to recover their account. When a group is deleted. Group's members. A user is added to a group. The user getting added. A user is removed from a group. The user getting removed. @@ -117,7 +117,7 @@ event and setting it 0 (zero) will ignore the event. When a password is updated PASSBOLT_EMAIL_SEND_PASSWORD_UPDATE When a password is deleted PASSBOLT_EMAIL_SEND_PASSWORD_DELETE When a new user is invited PASSBOLT_EMAIL_SEND_USER_CREATE - When users try to recover their passbolt account PASSBOLT_EMAIL_SEND_USER_RECOVER + When users try to recover their Passbolt account PASSBOLT_EMAIL_SEND_USER_RECOVER When a group is deleted PASSBOLT_EMAIL_SEND_GROUP_DELETE A user is added to a group PASSBOLT_EMAIL_SEND_GROUP_USER_ADD A user is removed from a group PASSBOLT_EMAIL_SEND_GROUP_USER_DELETE @@ -167,7 +167,7 @@ such as the database name, for example: ## Using config file Email notification settings can also be managed by updating the config/passbolt.php file in your install directory. -These settings live in the email key under passbolt. +These settings live in the email key under Passbolt. { @@ -211,7 +211,7 @@ will ignore the event. When a password is updated passbolt.email.send.password.update When a password is deleted passbolt.email.send.password.delete When a new user is invited passbolt.email.send.user.create - When users try to recover their passbolt account passbolt.email.send.user.recover + When users try to recover their Passbolt account passbolt.email.send.user.recover When a group is deleted passbolt.email.send.group.delete When a user is added to a group passbolt.email.send.group.user.add When a user is removed from a group passbolt.email.send.group.user.delete diff --git a/docs/admin/emails/email-server/google/index.mdx b/docs/admin/emails/email-server/google/index.mdx index 958ef634..c369c9e5 100644 --- a/docs/admin/emails/email-server/google/index.mdx +++ b/docs/admin/emails/email-server/google/index.mdx @@ -83,7 +83,7 @@ Please, note that the password could not be shown after your close the tab, plea On your Passbolt instance, you can navigate to *Administration > Email server*. :::danger[IMPORTANT] -You are using Google Workspace? You will need to add the **IP address of the passbolt instance** in the "SMTP client" field. +You are using Google Workspace? You will need to add the **IP address of the Passbolt instance** in the "SMTP client" field. ::: In the example below, we will use Google Email which is the free version. diff --git a/docs/admin/emails/email-server/index.mdx b/docs/admin/emails/email-server/index.mdx index 91fd8bbf..8dc81c29 100644 --- a/docs/admin/emails/email-server/index.mdx +++ b/docs/admin/emails/email-server/index.mdx @@ -23,7 +23,7 @@ Passbolt relies heavily on emails: - Account recovery - Notifications on different user actions -Having a working email setup is essential if you want to use passbolt at its best. There are many email providers +Having a working email setup is essential if you want to use Passbolt at its best. There are many email providers and each one has its own setup process. The aim of this help page is to provide the basic concepts so each admin can setup their provider adjusting to their particular case. diff --git a/docs/admin/faq/disable-MFA.mdx b/docs/admin/faq/disable-MFA.mdx index fb59ed47..4f0ed98d 100644 --- a/docs/admin/faq/disable-MFA.mdx +++ b/docs/admin/faq/disable-MFA.mdx @@ -31,7 +31,7 @@ In the *users* workspace, as an administrator, it is possible to right click on # Server -In the passbolt database, it is possible with an SQL query to deactivate MFA for the user +In the Passbolt database, it is possible with an SQL query to deactivate MFA for the user {`SELECT id, username FROM users WHERE username='USERNAME';`} diff --git a/docs/admin/faq/enable-disable-import-export-plugins.mdx b/docs/admin/faq/enable-disable-import-export-plugins.mdx index 6c328875..417e43df 100644 --- a/docs/admin/faq/enable-disable-import-export-plugins.mdx +++ b/docs/admin/faq/enable-disable-import-export-plugins.mdx @@ -22,7 +22,7 @@ Otherwise, if you prefer it to be explicit, you can add the section below to you { - ` /* Locate or add the passbolt section */ + ` /* Locate or add the Passbolt section */ 'passbolt' => [ /* Locate or add the plugins section */ 'plugins' => [ diff --git a/docs/admin/faq/generate-openpgp-key.mdx b/docs/admin/faq/generate-openpgp-key.mdx index c928758c..17facc3c 100644 --- a/docs/admin/faq/generate-openpgp-key.mdx +++ b/docs/admin/faq/generate-openpgp-key.mdx @@ -30,7 +30,7 @@ This command will run an interactive wizard that will help you define the key se 1. Select the key type, by instance: *RSA*. 2. If RSA was chosen, select the keysize, by instance for a strong key: *3072*. -3. Select the expiration time, by instance for "no expiry": *0*. Note that key expiration is not well handled by passbolt, set an expiration date only if you know what you are doing. +3. Select the expiration time, by instance for "no expiry": *0*. Note that key expiration is not well handled by Passbolt, set an expiration date only if you know what you are doing. 4. Confirm the key type information. 5. Enter a name, by instance: *Ada Lovelace*. 6. Enter an email, by instance: *ada.lovelace@mydomain.tld*. diff --git a/docs/admin/index.mdx b/docs/admin/index.mdx index 7174d4b9..bd9109d9 100644 --- a/docs/admin/index.mdx +++ b/docs/admin/index.mdx @@ -17,10 +17,10 @@ import Figure from '@site/src/components/Figure/Figure'; The documentation for Passbolt contains several main sections, all accessible from the top navigation bar: - The [Admin Guide](/docs/admin/) that you're currently reading contains all the information for users with the administrator role, e.g. all about the user and admin workspaces. -- The [Hosting Guide](/docs/hosting/) contains all the technical information related to the setup and update of your passbolt self-hosted server. +- The [Hosting Guide](/docs/hosting/) contains all the technical information related to the setup and update of your Passbolt self-hosted server. - The [User Guide](/docs/user/) contains all about the functionalities available to every users. - The [API Guide](/docs/api/) contains low-level and detailed information related to the different endpoints of the backend API. - The [Contribute Guide](/docs/contribute/) contains information about how you can contribute to Passbolt in different ways. -If you are new to passbolt you can get some introduction in the next section, otherwise feel free to peruse and find +If you are new to Passbolt you can get some introduction in the next section, otherwise feel free to peruse and find what you are looking for using the navigation on the left. diff --git a/docs/admin/role-based-access-control.mdx b/docs/admin/role-based-access-control.mdx index 71792bc3..745c9f6e 100644 --- a/docs/admin/role-based-access-control.mdx +++ b/docs/admin/role-based-access-control.mdx @@ -16,12 +16,12 @@ import Chips from "/src/components/Chips/Chips"; :::important RBAC is currently available at the user interface (UI) level, with the API level planned in the future. -So please note that this first release of RBAC only restricts passbolt at the interface level, not the underlying API. +So please note that this first release of RBAC only restricts Passbolt at the interface level, not the underlying API. ::: ### How to configure Role-Based Access Control -Since version 4.1.0, all editions of passbolt support Role-Based Access Control. +Since version 4.1.0, all editions of Passbolt support Role-Based Access Control.
    = v4.1.0. +* You are running Passbolt >= v4.1.0. * You have an active administrator account. ### How does it work? diff --git a/docs/admin/server-maintenance/passbolt-api-status.mdx b/docs/admin/server-maintenance/passbolt-api-status.mdx index 5e03602f..2e82917d 100644 --- a/docs/admin/server-maintenance/passbolt-api-status.mdx +++ b/docs/admin/server-maintenance/passbolt-api-status.mdx @@ -88,13 +88,13 @@ sudo chmod -R 664 $(find /var/log/passbolt -type f)`} #### GD or Imagick -GD **or** Imagick module have to be installed in order for passbolt to manipulate images. If you have some errors with this check, you can take a look at [this documentation](https://secure.php.net/manual/en/book.image.php) +GD **or** Imagick module have to be installed in order for Passbolt to manipulate images. If you have some errors with this check, you can take a look at [this documentation](https://secure.php.net/manual/en/book.image.php) #### Intl The Intl module is needed for the internationalisation. If you have any error with this check, you should take a look [this documentation](https://secure.php.net/manual/en/book.intl.php) #### Mbstring -Mbstring is designed for safe and efficient handling of multibyte strings, allowing passbolt to work with textual data in various encodings. If you encounter some errors related to this module, you can take a look at [this documentation](https://secure.php.net/manual/en/book.mbstring.php) +Mbstring is designed for safe and efficient handling of multibyte strings, allowing Passbolt to work with textual data in various encodings. If you encounter some errors related to this module, you can take a look at [this documentation](https://secure.php.net/manual/en/book.mbstring.php) #### NTP The server requires accurate system time for cryptographic operations and security measures. If the system clock is not synchronized, it may lead to authentication errors, expiration issues, and other unexpected behavior. @@ -104,7 +104,7 @@ If the check fails, it means that NTP could be inactive, and your system clock m :::tip[PRO TIP] If you are on Docker or Helm, you should not manually iterate on the configuration files. Restarting the container or the pod should resolve the file conflicts except if they have been mounted. ::: -This section is there to ensure that both application and passbolt configuration file are present. +This section is there to ensure that both application and Passbolt configuration file are present. #### Application Configuration File @@ -114,7 +114,7 @@ This file is critical for the application, if it is missing, you should do a cop #### Passbolt Configuration File -This is the passbolt configuration file, it is needed to ensure that passbolt have been completely configured. +This is the Passbolt configuration file, it is needed to ensure that Passbolt have been completely configured. {`sudo cp /etc/passbolt/passbolt.default.php /etc/passbolt/passbolt.php`} @@ -150,8 +150,8 @@ Helps to confirm that the fullBaseUrl is defined, if it is not defined yet, you src={ '/img/help/2024/06/update-fullbaseurl.png' } - caption="fig. Update the fullBaseUrl in the passbolt configuration file" - alt="Update the fullBaseUrl in the passbolt configuration file" + caption="fig. Update the fullBaseUrl in the Passbolt configuration file" + alt="Update the fullBaseUrl in the Passbolt configuration file" /> #### Full Base URL validation @@ -160,7 +160,7 @@ It checks that the fullBaseUrl is correct and match the expectation, if there is - Select a valid domain name as defined by section 2.3.1 [here](https://www.ietf.org/rfc/rfc1035.txt) #### Healthcheck Status -It checks that the status url is reachable. If you have any error with this check, the good news is that this warning should not limit you for running passbolt, however, in order to get rid of this warning, you will need to ensure a few things: +It checks that the status url is reachable. If you have any error with this check, the good news is that this warning should not limit you for running Passbolt, however, in order to get rid of this warning, you will need to ensure a few things: - `App.fullBaseUrl` is correct inside */etc/passbolt/passbolt.php* or with the environment variable `APP_FUL_BASE_URL` if you are on Docker or Helm. - The server is able to ping the domain with `ping YOUR_DOMAIN` @@ -405,19 +405,19 @@ Ensure that the private server key format is compatible with Gopengpg, errors ar These verifications validate various application settings, including SSL enforcement, versioning, and plugin configurations. #### Passbolt version -It helps to identify which version are running and if it is the latest version. You could face some errors while having an updated version if the server is in an air gap environment and it could not connect to the passbolt repository to check versions. +It helps to identify which version are running and if it is the latest version. You could face some errors while having an updated version if the server is in an air gap environment and it could not connect to the Passbolt repository to check versions. If the server is not up-to-date, unless you have an internal good reason, please consider [updating](/docs/hosting/update) to the latest version. #### Force SSL -We recommend using SSL with Passbolt, this checks verify if passbolt has been configured to force SSL. If you have this error, you will need to set `passbolt.ssl.force` to true in */etc/passbolt/passbolt.php* +We recommend using SSL with Passbolt, this checks verify if Passbolt has been configured to force SSL. If you have this error, you will need to set `passbolt.ssl.force` to true in */etc/passbolt/passbolt.php*
    #### Full Base URL HTTPS @@ -460,10 +460,10 @@ Enabled by default, it check if the self registration plugin is enabled as expec This check is following the self registration plugin. It checks if the open registration is closed and only the admins are allowed to create users or if the self registration plugin is enabled and it has been configured in the user interface through *Administration > Self registration*. You should be able to see which self registration provider is set. #### Deprecated self registration public settings -This check ensure that the self registration public settings are not present in the passbolt configuration file in */etc/passbolt/passbolt.php*, if it is still there you may remove the `passbolt.registration.public` settings. +This check ensure that the self registration public settings are not present in the Passbolt configuration file in */etc/passbolt/passbolt.php*, if it is still there you may remove the `passbolt.registration.public` settings. #### Host availability -The passbolt server will verify the email domain names. This means that passbolt will query DNS for an MX record associated with the email addresses used. **This is disabled by default**. +The Passbolt server will verify the email domain names. This means that Passbolt will query DNS for an MX record associated with the email addresses used. **This is disabled by default**. When it is enabled, it won't be possible to proceed to a user creation using a local email address, if you are confident about using trusted email domain addresses, you may want to enable it. diff --git a/docs/admin/user-provisioning/delete-user.mdx b/docs/admin/user-provisioning/delete-user.mdx index 4016f903..6b4b35b3 100644 --- a/docs/admin/user-provisioning/delete-user.mdx +++ b/docs/admin/user-provisioning/delete-user.mdx @@ -22,7 +22,7 @@ Unlike shared resources, they won't be retained. ## What happens when you delete a user who is sole owner of a shared resource? -When a user, sole owner of a resource, is about to be deleted, a popup window is displayed and passbolt admin will +When a user, sole owner of a resource, is about to be deleted, a popup window is displayed and Passbolt admin will be asked to transfer ownership of the resource to the group or user. If the deleted user was also the sole group manager, passbolt admin will promote another user of the group as group manager. diff --git a/docs/admin/user-provisioning/manage-groups.mdx b/docs/admin/user-provisioning/manage-groups.mdx index a565db35..7495921d 100644 --- a/docs/admin/user-provisioning/manage-groups.mdx +++ b/docs/admin/user-provisioning/manage-groups.mdx @@ -6,9 +6,9 @@ sidebar_position: 2 hide_table_of_contents: false --- -## Who can create a group in passbolt? +## Who can create a group in Passbolt? -Only a passbolt administrator can create groups on passbolt. +Only a Passbolt administrator can create groups on Passbolt. ## What is the difference between a group manager and group member? diff --git a/docs/admin/user-provisioning/roles-and-permissions.mdx b/docs/admin/user-provisioning/roles-and-permissions.mdx index 189ceb28..3562393c 100644 --- a/docs/admin/user-provisioning/roles-and-permissions.mdx +++ b/docs/admin/user-provisioning/roles-and-permissions.mdx @@ -1,7 +1,7 @@ --- title: Roles and Permissions sidebar_label: Roles and Permissions -description: In depth information about roles and permission in passbolt +description: In depth information about roles and permission in Passbolt hide_table_of_contents: false sidebar_position: 1 --- @@ -68,7 +68,7 @@ Each group must have at least one group manager in charge of adding and removing /> -Due to the nature of the encryption in passbolt, only someone with access to the secrets of a given group can add a member to that group (as they need to be able to decrypt and encrypt the secret for the new member). +Due to the nature of the encryption in Passbolt, only someone with access to the secrets of a given group can add a member to that group (as they need to be able to decrypt and encrypt the secret for the new member). | Action | Group manager | Group member | |------------------------------|---------------|--------------| @@ -79,7 +79,7 @@ Due to the nature of the encryption in passbolt, only someone with access to the ### Additional resources: -* [Blog post: How passbolt will implement groups (2017)](https://www.passbolt.com/blog/how-passbolt-will-implement-groups) +* [Blog post: How Passbolt will implement groups (2017)](https://www.passbolt.com/blog/how-passbolt-will-implement-groups) * [Groups functional specifications (2020)](https://docs.google.com/document/d/1b7hwleV0VrU45ARErCutgNBQTD48mjoFVfD_OEE4le8/) ## Resource level roles @@ -127,7 +127,7 @@ Once an item is inside a folder what can be done with the items does not depend One of the key requirements is to be able to apply a given folder permission to the items inside it. For example when a user “share” a folder or create a new item in that folder, or drop an existing resource in a folder, the folder permissions will be applied to the items where possible. -The “where possible” is important here. While folders in passbolt can be used to organize resources and apply permissions, folders do not enforce the permission on its enclosed content at all times, but serve as a guide when an operation such as create or move is performed. As we have seen exceptions can be created, i.e. it is possible for a user to have more rights on an item than they have on a given folder. The opposite is also possible, the same way it is possible to create a hidden or restricted file in a shared folder in a traditional filesystem. +The “where possible” is important here. While folders in Passbolt can be used to organize resources and apply permissions, folders do not enforce the permission on its enclosed content at all times, but serve as a guide when an operation such as create or move is performed. As we have seen exceptions can be created, i.e. it is possible for a user to have more rights on an item than they have on a given folder. The opposite is also possible, the same way it is possible to create a hidden or restricted file in a shared folder in a traditional filesystem. One should picture a folder permission list as a permission mask, i.e. a predefined set of group/user rights, that could be applied to the folder content whenever a user is interacting with it. Applying permissions on a folder is the equivalent of selecting all the resources the user has the right to share inside the given folder and apply a new set of permission to this selection. Items where the user does not have access to (or cannot edit the permissions) will be ignored. diff --git a/docs/admin/user-provisioning/users-directory/advanced-directory-options.mdx b/docs/admin/user-provisioning/users-directory/advanced-directory-options.mdx index 868f07c1..63951810 100644 --- a/docs/admin/user-provisioning/users-directory/advanced-directory-options.mdx +++ b/docs/admin/user-provisioning/users-directory/advanced-directory-options.mdx @@ -16,137 +16,137 @@ Even with a correct setup, some issues may arise during directory synchronizatio ### Synchronization Error Messages When running a sync (simulated or actual), Passbolt may display errors or warnings for users or groups it couldn't process. These messages highlight common issues and help guide troubleshooting. -**Message** +**Message** :::info `The user [email_protected] could not be added to group X because it is not active yet.` ::: -**Explanation** +**Explanation** This means a user was synced (created) and the sync tried to add them to a Passbolt group, but the user hasn't activated their Passbolt account yet (they haven't clicked the invite link to finalize setup). Passbolt cannot add inactive users to groups. -**Solution** +**Solution** No manual intervention needed with cron jobs enabled – as soon as the user activates their account, Passbolt will automatically add them to the group on the next sync. --- -**Message** +**Message** :::warning -`The user [email_protected] could not be mapped with an existing user in passbolt because it was created after.` +`The user [email_protected] could not be mapped with an existing user in Passbolt because it was created after.` ::: -**Explanation** +**Explanation** This indicates a conflict where the user exists in both Passbolt and LDAP, but was first created in Passbolt (likely manually) and later appeared in LDAP. Passbolt gives priority to its existing user record and will not auto-merge or replace it via sync. -**Solution** +**Solution** Delete the user from Passbolt and re-run sync. Be cautious of any existing passwords to avoid orphaning. --- -**Message** +**Message** :::warning -`The group X could not be mapped with an existing group in passbolt because it was created after.` +`The group X could not be mapped with an existing group in Passbolt because it was created after.` ::: -**Explanation** +**Explanation** A group was created manually in Passbolt before being present in LDAP. -**Solution** +**Solution** Delete the manual group in Passbolt (after confirming it's safe), then re-run sync to re-create it from LDAP. --- -**Message** +**Message** :::info -`The previously deleted user [email_protected] was not re-added to passbolt.` +`The previously deleted user [email_protected] was not re-added to Passbolt.` ::: -**Explanation** +**Explanation** This occurs when a user that exists in LDAP was manually deleted in Passbolt. Sync respects manual deletions. -**Solution** +**Solution** Manually recreate the user in Passbolt, then run sync again. --- -**Message** +**Message** :::danger `The user [email_protected] could not be added to the group X because of an internal error.` ::: -**Explanation** +**Explanation** Often this means the group didn't exist when sync tried to add the user. -**Solution** +**Solution** Check the sync logs for errors during group creation, fix them, and re-run sync. --- -**Message** +**Message** :::tip `A request to add user [email_protected] in group X was sent to the group manager.` ::: -**Explanation** +**Explanation** Passbolt cannot auto-share existing secrets due to encryption constraints. This is expected behavior. -**Solution** +**Solution** The group manager must manually add the user through the UI. --- -**Message** +**Message** :::info `The user A was not synced with existing membership for group B because the membership was created before.` ::: -**Explanation** +**Explanation** A user was manually added to a group before sync tried to assign them. -**Solution** +**Solution** Remove the manual group membership and re-run sync to allow LDAP to take control. --- -**Message** +**Message** :::info User removed from LDAP group remains in Passbolt group (no direct error) ::: -**Explanation** +**Explanation** Manual group membership blocks LDAP-driven removal. -**Solution** +**Solution** Manually remove the user from the Passbolt group to align with LDAP. --- -**Message** +**Message** :::info -`The user [email_protected] could not be added to the group X because membership was removed in passbolt.` +`The user [email_protected] could not be added to the group X because membership was removed in Passbolt.` ::: -**Explanation** +**Explanation** The user was removed from the group manually, and Passbolt respects that decision. -**Solution** +**Solution** If the user should be in the group, manually re-add them, then re-run sync. --- -**Message** +**Message** :::danger `The user undefined could not be added because of data validation issues.` ::: -**Explanation** +**Explanation** Usually caused by missing or malformed user attributes in LDAP. -**Solution** +**Solution** Ensure all LDAP users have valid email addresses and fix formatting issues before syncing again. --- -**Note:** +**Note:** The sync report categorizes issues as **Errors** (actions failed) or **Ignored** (actions skipped by design). Ignored entries are usually intentional protections (e.g., avoiding deletion), while **Errors require investigation**. --- @@ -155,7 +155,7 @@ The sync report categorizes issues as **Errors** (actions failed) or **Ignored** When using **LDAPS** (LDAP over SSL/TLS) for secure directory sync, one of the most common issues is certificate trust. The Passbolt server must trust the LDAP server's SSL certificate. If the certificate is self-signed or issued by a private CA, the connection may fail with errors like: ```bash -"Can't contact LDAP server" +"Can't contact LDAP server" ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) ``` @@ -204,7 +204,7 @@ For detailed setup instructions, please refer to the [LDAPS page](/docs/hosting/ ### Example: Works in CLI, Fails in UI -If `ldapsearch` works but the Passbolt UI fails, PHP may not trust the certificate. +If `ldapsearch` works but the Passbolt UI fails, PHP may not trust the certificate. Fix: Add the cert to the system trust store or configure it in Passbolt. --- @@ -364,7 +364,7 @@ If a user is removed from LDAP, Passbolt will try to delete them on sync — unl If the user owns any secrets, deletion is skipped to avoid data loss. -**Solution**: +**Solution**: An admin must first transfer or delete those secrets. After that, the user will be removed on the next sync. --- @@ -376,7 +376,7 @@ This generic error in the UI may be triggered by a server-side issue (e.g., PHP - Check the Passbolt error log immediately after seeing this error. - Example: A low PHP `memory_limit` can cause a fatal error masked as a client-side failure. -**Solution**: +**Solution**: Resolve the underlying error (e.g., increase memory) and retry. --- @@ -444,36 +444,36 @@ If you're experiencing LDAP synchronization issues, follow this structured check ### Connectivity and Configuration Checks -1. **Basic reachability** +1. **Basic reachability** Ensure the Passbolt server can reach the LDAP or AD server: - Confirm correct IP or hostname - Check firewall rules (e.g., port 389 or 636 is open) - - Run: `telnet ` or `ping ` (if ICMP is allowed) + - Run: `telnet ` or `ping ` (if ICMP is allowed) _💡 Network or DNS misconfigurations are a common cause in production._ -2. **Credentials and binding** +2. **Credentials and binding** Verify the bind DN and password using an LDAP client: - Use `ldapsearch` (see LDAPS section) - If the password was changed in AD and not updated in Passbolt, binding will fail -3. **Check Passbolt configuration values** +3. **Check Passbolt configuration values** In the Admin UI, double-check: - Base DN format and proper `,` separators (not `;`) - No trailing spaces - - Avoid duplicating the Base DN in the User/Group paths - **Example**: - ✅ Base DN: `DC=example,DC=com` - ✅ User Path: `OU=Users` + - Avoid duplicating the Base DN in the User/Group paths + **Example**: + ✅ Base DN: `DC=example,DC=com` + ✅ User Path: `OU=Users` ❌ User Path: `OU=Users,DC=example,DC=com` -4. **Use "Test Settings" and "Simulate Synchronize"** - - **Test Settings**: Checks the connection and basic LDAP queries - - **Simulate Synchronize**: Runs a dry sync (no data is saved) +4. **Use "Test Settings" and "Simulate Synchronize"** + - **Test Settings**: Checks the connection and basic LDAP queries + - **Simulate Synchronize**: Runs a dry sync (no data is saved) _These are safe tools to confirm configuration before syncing._ -5. **Check the API Status page** - Go to **Organisation Settings → Passbolt API Status**. - * If "Directory Sync" is failing, the plugin may be disabled or misconfigured +5. **Check the API Status page** + Go to **Organisation Settings → Passbolt API Status**. + * If "Directory Sync" is failing, the plugin may be disabled or misconfigured [📘 Directory Sync Healthcheck – Docs](/docs/admin/server-maintenance/passbolt-api-status/#directory-sync) @@ -578,17 +578,17 @@ After resolving the root cause of a sync issue (e.g., configuration fix, certifi ### 2. Verify Critical Outcomes -- Ensure new users received invitation emails +- Ensure new users received invitation emails > If not, confirm SMTP settings and delivery - If any messages mentioned "request sent to group manager", follow up to ensure those users are added manually -- Review any skipped or errored entries in the sync report +- Review any skipped or errored entries in the sync report > For details, refer to [Known Issues](#synchronization-error-messages) --- ### 3. Document Manual Actions -- Keep a record of any users or groups manually added, removed, or ignored during recovery +- Keep a record of any users or groups manually added, removed, or ignored during recovery > Useful for auditing and future troubleshooting --- @@ -624,4 +624,4 @@ sudo -u www-data /usr/share/php/passbolt/bin/status-report > /tmp/status.txt If a bug is suspected, escalate to the support team with logs, reproduction steps, and environment details. -> If absolutely necessary, consider inviting users manually via the UI (Passbolt does not support direct CSV user import). \ No newline at end of file +> If absolutely necessary, consider inviting users manually via the UI (Passbolt does not support direct CSV user import). diff --git a/docs/admin/user-provisioning/users-directory/directory-options.mdx b/docs/admin/user-provisioning/users-directory/directory-options.mdx index 651fd92c..c675f7ad 100644 --- a/docs/admin/user-provisioning/users-directory/directory-options.mdx +++ b/docs/admin/user-provisioning/users-directory/directory-options.mdx @@ -21,15 +21,15 @@ When integrating with OpenLDAP, keep in mind the following specifics: * Passbolt expects standard OpenLDAP schemas: * **User entries** should use the `inetOrgPerson` (or a subclass) object class. * **Group entries** should use `groupOfUniqueNames`. -* If your OpenLDAP uses different object classes (e.g., `posixAccount` for users, - or `groupOfNames` for groups), you can override the **User object class** and +* If your OpenLDAP uses different object classes (e.g., `posixAccount` for users, + or `groupOfNames` for groups), you can override the **User object class** and **Group object class** in the configuration. * Requirements: - * Each user must have a unique and valid email address in the attribute Passbolt - maps as the username (usually `mail`). It must be properly formatted (no + * Each user must have a unique and valid email address in the attribute Passbolt + maps as the username (usually `mail`). It must be properly formatted (no leading/trailing spaces). * Each group must contain members via the `uniqueMember` attribute. -* If these are not present or properly formatted, sync will report a "data validation" +* If these are not present or properly formatted, sync will report a "data validation" error. ### Bind DN Permissions @@ -111,7 +111,7 @@ username_attribute: sAMAccountName Group memberships are automatically inferred. -⚠️ **Note**: **Nested groups are not supported.** +⚠️ **Note**: **Nested groups are not supported.** If Group A is a member of Group B in AD, Passbolt will **not** include Group A's members in Group B. ### AD Naming Attributes @@ -301,8 +301,8 @@ The available options are: (required) - Choose here the username of the passbolt admin user that will be used to perform the operations on behalf of the synchronization tools. -

    You can also create a dedicated admin user in passbolt if you want to be able to track more accurately the actions related to ldap. + Choose here the username of the Passbolt admin user that will be used to perform the operations on behalf of the synchronization tools. +

    You can also create a dedicated admin user in Passbolt if you want to be able to track more accurately the actions related to ldap. passboltadmin@domain.com diff --git a/docs/admin/user-provisioning/users-directory/index.mdx b/docs/admin/user-provisioning/users-directory/index.mdx index 2d567f23..ec4390bd 100644 --- a/docs/admin/user-provisioning/users-directory/index.mdx +++ b/docs/admin/user-provisioning/users-directory/index.mdx @@ -52,13 +52,13 @@ The integration works by periodically syncing the list of groups and users (alon ### General Configuration Steps -1. **Prerequisites** - - Ensure the PHP LDAP extension is installed (`php-ldap` on Debian/Ubuntu). +1. **Prerequisites** + - Ensure the PHP LDAP extension is installed (`php-ldap` on Debian/Ubuntu). - Ensure the server can connect to the LDAP/AD server (firewall/VPN as needed). -2. **Enable the Directory Sync plugin** - - Go to **Organisation settings → Users Directory** - - Toggle the **Enable** switch. +2. **Enable the Directory Sync plugin** + - Go to **Organisation settings → Users Directory** + - Toggle the **Enable** switch. - Complete all required fields and run a successful connection test. 3. **Enter LDAP connection settings** @@ -66,49 +66,49 @@ The integration works by periodically syncing the list of groups and users (alon - **Directory Type**: `Active Directory` or `OpenLDAP` - **Domain** (AD only): e.g. `mydomain.local` or `example.com` - **Server URL**: `ldap://198.163.0.1:389` or `ldaps://ldap.example.com:636` - - **Bind Username & Password**: + - **Bind Username & Password**: e.g., `CN=readonly,DC=mydomain,DC=local` - - **Base DN**: - - AD: `DC=mydomain,DC=local` + - **Base DN**: + - AD: `DC=mydomain,DC=local` - OpenLDAP: `dc=example,dc=com` - - **User Path & Group Path** (optional): + - **User Path & Group Path** (optional): e.g., `OU=MyUsers`, `OU=MyGroups` - - **Object classes** (OpenLDAP only): - - Users: `inetOrgPerson` + - **Object classes** (OpenLDAP only): + - Users: `inetOrgPerson` - Groups: `groupOfUniqueNames` - - **Default Admin**: + - **Default Admin**: A Passbolt admin user responsible for sync actions. - - **Default Group Manager**: + - **Default Group Manager**: The user assigned to manage synced groups. 4. **Filtering options** - - **Groups/Users parent group**: + - **Groups/Users parent group**: Restrict sync to subtrees. - - **Custom LDAP filters**: - e.g., + - **Custom LDAP filters**: + e.g., ```ldap (memberof=CN=PassboltUsers,OU=Groups,DC=example,DC=com) ``` - - **Enabled users only** (AD only): + - **Enabled users only** (AD only): Syncs only enabled accounts. Recommended for production. - - **Sync operations toggle**: + - **Sync operations toggle**: Disable create/update/delete individually as needed. -5. **Save and test** - - Click **Save settings**. - - Run **Simulate synchronize** to preview changes. +5. **Save and test** + - Click **Save settings**. + - Run **Simulate synchronize** to preview changes. - Review for expected users/groups and issues before a real sync. -6. **Run first synchronization** - - Once verified, click **Synchronize**. +6. **Run first synchronization** + - Once verified, click **Synchronize**. - Review the report for actions taken and errors. -7. **Verify results** - - Check the Passbolt UI for imported users/groups. +7. **Verify results** + - Check the Passbolt UI for imported users/groups. - New users will be in "invitation pending" status. -> 💡 Tip: Never run sync as root. Use the correct web server user. +> 💡 Tip: Never run sync as root. Use the correct web server user. > For example, on Debian/Ubuntu: ```bash su -s /bin/bash -c '...cake directory_sync...' www-data @@ -148,7 +148,7 @@ and actually activate it. ### Save configuration Once the configuration is entered, do not forget to save it by clicking on the "Save settings" at the top. The -configuration will be saved only if passbolt managed to connect to your directory. If not, it will display an error +configuration will be saved only if Passbolt managed to connect to your directory. If not, it will display an error message.
    contact@passbolt.com +The proofreader role can be requested to the Passbolt team by email at contact@passbolt.com . The role attribution is made as per the following rules: * Contributors should have already proposed translations for the language they want to help with proofreading. If no - translation made on passbolt, the contributors can show contributions made on another open source project. + translation made on Passbolt, the contributors can show contributions made on another open source project. * The already proposed translations should reflect the attention to details of the contributors and meet with the quality - standard of passbolt. + standard of Passbolt. -* The contributors should have proven good communication skills in their previous exchanges with the passbolt team as +* The contributors should have proven good communication skills in their previous exchanges with the Passbolt team as well as other contributors. See the [passbolt code of conduct](https://www.passbolt.com/code_of_conduct) to know - more about what is expected from the passbolt community members. + more about what is expected from the Passbolt community members. ### Access to the proofreading editor @@ -139,7 +139,7 @@ or move to the next string. ## Externalize strings or fix source language -A string is available for translation only if it has been externalized in the source code of the passbolt applications, +A string is available for translation only if it has been externalized in the source code of the Passbolt applications, and the source code is already in the pre-release state. :::note @@ -154,8 +154,8 @@ The [styleguide repository](https://github.com/passbolt/passbolt_styleguide) con the end user. In this repository you will find: -* Most of the passbolt front-end application in the directory *src/react-extension* -* The passbolt quickaccess application in the directory *src/react-quickaccess* +* Most of the Passbolt front-end application in the directory *src/react-extension* +* The Passbolt quickaccess application in the directory *src/react-quickaccess* The styleguide uses the i18next library to help manage the translation, if you want to know more checkout their [documentation](https://github.com/i18next/i18next). @@ -187,12 +187,12 @@ export default withTranslation("common")(ComponentToTranslate); To mark for translation a string contained in JSX code. ```jsx -Welcome to passbolt! +Welcome to Passbolt! ``` To mark for translation a string contained in javascript code. ```javascript -this.props.t("Welcome to passbolt!"); +this.props.t("Welcome to Passbolt!"); ``` #### Generate the language json source file @@ -223,7 +223,7 @@ In order to work on the translation of this application you need to: #### Mark a string for translation -To translate a string, a file has first to load the passbolt translation utility located in +To translate a string, a file has first to load the Passbolt translation utility located in `src/all/background_page/sdk/i18n.js`. For instance: ```javascript const {i18n} = require("./sdk/i18n"); @@ -231,7 +231,7 @@ const {i18n} = require("./sdk/i18n"); To mark for translation a string contained in javascript code. ```javascript -i18n.t("Welcome to passbolt!"); +i18n.t("Welcome to Passbolt!"); ``` #### Generate the language json source file @@ -248,7 +248,7 @@ Once done you can propose your changes as a pull request on the repository. The [API repository](https://github.com/passbolt/passbolt_api) contains all the code relative to the API obviously but also some screens presented to the end users such as the installation wizard. -The passbolt API uses the CakePHP translation feature to help manage the translation, if you want to know more checkout +The Passbolt API uses the CakePHP translation feature to help manage the translation, if you want to know more checkout their [documentation](https://book.cakephp.org/3/en/core-libraries/internationalization-and-localization.html). #### Getting started @@ -262,7 +262,7 @@ In order to work on the translation of this application you need to: To mark for translation a string contained in PHP code. ```php -__('Welcome to passbolt!'); +__('Welcome to Passbolt!'); ``` #### Generate the language gettext source file diff --git a/docs/contribute/translator/externalize.mdx b/docs/contribute/translator/externalize.mdx index 83c9f1c0..281d7248 100644 --- a/docs/contribute/translator/externalize.mdx +++ b/docs/contribute/translator/externalize.mdx @@ -4,11 +4,11 @@ description: Learn how to make strings available for translation in Passbolt sidebar_position: 3 --- -A string is available for translation only if it has been externalized in the source code of the passbolt applications, -and the source code is already in the pre-release state. +A string is available for translation only if it has been externalized in the source code of the Passbolt applications, +and the source code is already in the pre-release state. :::note -As mentioned in the introduction of this document, British English is the language used to develop the +As mentioned in the introduction of this document, British English is the language used to develop the application. Therefore, any changes to the source language will have to be done in the source code and each change will have to go through the translation process. ::: @@ -19,10 +19,10 @@ The [styleguide repository](https://github.com/passbolt/passbolt_styleguide) con the end user. In this repository you will find: -* Most of the passbolt front-end application in the directory *src/react-extension* -* The passbolt quickaccess application in the directory *src/react-quickaccess* +* Most of the Passbolt front-end application in the directory *src/react-extension* +* The Passbolt quickaccess application in the directory *src/react-quickaccess* -The styleguide uses the i18next library to help manage the translation, if you want to know more checkout their +The styleguide uses the i18next library to help manage the translation, if you want to know more checkout their [documentation](https://github.com/i18next/i18next). ### Getting started @@ -52,12 +52,12 @@ export default withTranslation("common")(ComponentToTranslate); To mark for translation a string contained in JSX code. ```jsx -Welcome to passbolt! +Welcome to Passbolt! ``` To mark for translation a string contained in javascript code. ```javascript -this.props.t("Welcome to passbolt!"); +this.props.t("Welcome to Passbolt!"); ``` ### Generate the language json source file @@ -88,7 +88,7 @@ In order to work on the translation of this application you need to: ### Mark a string for translation -To translate a string, a file has first to load the passbolt translation utility located in +To translate a string, a file has first to load the Passbolt translation utility located in `src/all/background_page/sdk/i18n.js`. For instance: ```javascript const {i18n} = require("./sdk/i18n"); @@ -96,7 +96,7 @@ const {i18n} = require("./sdk/i18n"); To mark for translation a string contained in javascript code. ```javascript -i18n.t("Welcome to passbolt!"); +i18n.t("Welcome to Passbolt!"); ``` ### Generate the language json source file @@ -113,7 +113,7 @@ Once done you can propose your changes as a pull request on the repository. The [API repository](https://github.com/passbolt/passbolt_api) contains all the code relative to the API obviously but also some screens presented to the end users such as the installation wizard. -The passbolt API uses the CakePHP translation feature to help manage the translation, if you want to know more checkout +The Passbolt API uses the CakePHP translation feature to help manage the translation, if you want to know more checkout their [documentation](https://book.cakephp.org/3/en/core-libraries/internationalization-and-localization.html). ### Getting started @@ -127,7 +127,7 @@ In order to work on the translation of this application you need to: To mark for translation a string contained in PHP code. ```php -__('Welcome to passbolt!'); +__('Welcome to Passbolt!'); ``` ### Generate the language gettext source file @@ -137,4 +137,4 @@ Once you have made your changes on the source code, you can then generate the la composer externalize-locale-strings ``` -Once done you can propose your changes as a pull request on the repository. \ No newline at end of file +Once done you can propose your changes as a pull request on the repository. diff --git a/docs/contribute/translator/proofread.mdx b/docs/contribute/translator/proofread.mdx index c2a6c5c5..90fa39a7 100644 --- a/docs/contribute/translator/proofread.mdx +++ b/docs/contribute/translator/proofread.mdx @@ -7,25 +7,25 @@ sidebar_position: 2 import Figure from '@site/src/components/Figure/Figure'; import Link from '@docusaurus/Link'; -The proofreading of passbolt is central in the translation process, it helps to keep a translation accurate and +The proofreading of Passbolt is central in the translation process, it helps to keep a translation accurate and guarantee a global homogeneity of it. As for the translation the proofreading step is entirely managed by Crowdin. ## Become a proofreader -The proofreader role can be requested to the passbolt team by email at contact@passbolt.com +The proofreader role can be requested to the Passbolt team by email at contact@passbolt.com . The role attribution is made as per the following rules: * Contributors should have already proposed translations for the language they want to help with proofreading. If no - translation made on passbolt, the contributors can show contributions made on another open source project. + translation made on Passbolt, the contributors can show contributions made on another open source project. * The already proposed translations should reflect the attention to details of the contributors and meet with the quality - standard of passbolt. + standard of Passbolt. -* The contributors should have proven good communication skills in their previous exchanges with the passbolt team as +* The contributors should have proven good communication skills in their previous exchanges with the Passbolt team as well as other contributors. See the [passbolt code of conduct](https://www.passbolt.com/code_of_conduct) to know - more about what is expected from the passbolt community members. + more about what is expected from the Passbolt community members. ## Access to the proofreading editor diff --git a/docs/development/authentication.mdx b/docs/development/authentication.mdx index 1eccbc7a..bedf9361 100644 --- a/docs/development/authentication.mdx +++ b/docs/development/authentication.mdx @@ -29,7 +29,6 @@ hide_table_of_contents: false When using GPGAuth-based authentication, the whole process is divided in multiple steps, each one with a specific use-case. - #### Stage 0 - Server's identity verification > This step is optional, although recommended. @@ -44,7 +43,7 @@ In order to do that, the client generates a challenge token, composed of differe - Protocol version again An example of said challenge string could be `gpgauthv1.3.0|36|10e2074b-f610-42be-8525-100d4e68c481|gpgauthv1.3.0`. - + This challenge token is then encrypted with the sever's public key, obtained with a `GET` request to `/auth/verify.json`. The total payload for server verification has the following structure: @@ -88,7 +87,6 @@ This challenge string has the same format that the one described in stage 0. This challenge string is encrypted with the user's public key and signed with the server's key. - #### Stage 2 - Verifying client's private key verification Once this challenge string has been decrypted, it has to be sent to the server in a `POST` @@ -198,7 +196,7 @@ The response, which tells you the different MFA providers available, will look s } ``` -Then, you have to make a `POST` request to `https:///mfa/verify/.json` with the code provided, in a body such as: +Then, you have to make a `POST` request to `https:///mfa/verify/.json` with the code provided, in a body such as: ```json { diff --git a/docs/development/getting-started.mdx b/docs/development/getting-started.mdx index 58d9c1a9..0c8e9636 100644 --- a/docs/development/getting-started.mdx +++ b/docs/development/getting-started.mdx @@ -6,12 +6,12 @@ sidebar_label: Getting started hide_table_of_contents: false --- -The API works over HTTPS in a REST fashion, so it is language framework agnostic. You can integrate passbolt services into your existing workflow using the toolset of your choice. +The API works over HTTPS in a REST fashion, so it is language framework agnostic. You can integrate Passbolt services into your existing workflow using the toolset of your choice. -To get started with the passbolt REST API (hereafter referred to as “The API”) you need at least: +To get started with the Passbolt REST API (hereafter referred to as “The API”) you need at least: -- A running passbolt server instance. -- A passbolt user account if you want to access protected data. +- A running Passbolt server instance. +- A `passbolt` user account if you want to access protected data. - Some basic understanding of how public key cryptography works. - An [OpenPGP-compliant](https://www.openpgp.org/about/) library to build with. @@ -88,11 +88,11 @@ As you can see, for validation errors, the response body contains two keys, `nam ## Encryption and decryption -Security and privacy are the biggest concerns for a password manager and passbolt is no exception. Passbolt’s solution uses end-to-end encryption and the encryption and decryption is always done on the client. The server is mainly used to take care of relational data integrity and storage. +Security and privacy are the biggest concerns for a password manager and Passbolt is no exception. Passbolt’s solution uses end-to-end encryption and the encryption and decryption is always done on the client. The server is mainly used to take care of relational data integrity and storage. Passbolt uses [public key cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography) and [OpenPGP](https://www.openpgp.org/about/) specifically. This guide will assume you are familiar with these concepts. -![Password exchange using passbolt](/img/diagrams/howitworks.svg) +![Password exchange using Passbolt](/img/diagrams/howitworks.svg) ### Which OpenPGP implementation should I use? @@ -101,9 +101,9 @@ There are several ways you can use OpenPGP. The most popular option is to use Gn There are various language libraries available such as: -- [OpenPGP.js](https://openpgpjs.org/): JavaScript alone (used by passbolt extension / cli) -- [PHP GnuPG](https://www.php.net/manual/en/book.gnupg.php): PHP with GnuPG (used by passbolt server) -- [OpenPGP.php](https://github.com/singpolyma/openpgp-php): PHP alone (used by passbolt server). +- [OpenPGP.js](https://openpgpjs.org/): JavaScript alone (used by Passbolt extension / cli) +- [PHP GnuPG](https://www.php.net/manual/en/book.gnupg.php): PHP with GnuPG (used by Passbolt server) +- [OpenPGP.php](https://github.com/singpolyma/openpgp-php): PHP alone (used by Passbolt server). - [gpgme.js](https://github.com/mailvelope/gpgmejs): JavaScript for GPGME - [GPGME Python](http://files.au.adversary.org/crypto/gpgme-python-howto.html): Python with GnuPG. - [PGPy](https://github.com/SecurityInnovation/PGPy/): Python alone. @@ -111,7 +111,7 @@ There are various language libraries available such as: You can find additional libraries on openpgp.org. Working with OpenPGP Keys -At the time of installation the passbolt server administrator generates an OpenPGP key pair and stores it in the server keyring. Similarly, clients (such as the passbolt browser extension) generate a pair of keys during the setup. At the end of the setup the client stores its secret key locally and send the public key to the server. +At the time of installation the Passbolt server administrator generates an OpenPGP key pair and stores it in the server keyring. Similarly, clients (such as the Passbolt browser extension) generate a pair of keys during the setup. At the end of the setup the client stores its secret key locally and send the public key to the server. When authenticated, it is possible for a user to gather other user's public keys, in order to share passwords with them. Prior to sending sensitive data, secrets must be encrypted using the recipient's public key (e.g. another user, for example) and signed using the sender's public key. @@ -120,9 +120,9 @@ This serves two purposes: 1. Privacy by encrypting the data 2. Authenticity by confirming the identity of the sender. -### Accessing passbolt server public key +### Accessing Passbolt server public key -The passbolt server public key is required during the “verify” step of the authentication. This step allows the client to verify the server identity, for example to prevent the unlikely scenario where the domain was seized. Your passbolt server broadcasts its public key at `GET /auth/verify.json`. +The Passbolt server public key is required during the “verify” step of the authentication. This step allows the client to verify the server identity, for example to prevent the unlikely scenario where the domain was seized. Your Passbolt server broadcasts its public key at `GET /auth/verify.json`. ## Glossary @@ -155,11 +155,11 @@ The definition of what is included in the resource and what is included in the s ### Resource type -In passbolt, passwords are split into two different entities: Resources (the metadata in clear) and Secrets (the encrypted data). +In Passbolt, passwords are split into two different entities: Resources (the metadata in clear) and Secrets (the encrypted data). The resource types define what is included in the resource and what is included in the secret. This definition, that is part of the resource type, takes the form of JSON schemas. -Since passbolt is end-to-end encrypted the server cannot validate the content of the secrets. +Since Passbolt is end-to-end encrypted the server cannot validate the content of the secrets. Therefore, it is the responsibility of the clients to check if the secret is deserializable according to the resource type schema associated with the resource and to choose how to handle that case. ### Secret diff --git a/docs/development/index.mdx b/docs/development/index.mdx index 851c7440..4e763fcc 100644 --- a/docs/development/index.mdx +++ b/docs/development/index.mdx @@ -10,10 +10,10 @@ hide_table_of_contents: true The documentation for Passbolt contains several main sections, all accessible from the top navigation bar: - The [Admin Guide](/docs/admin/) contains all the information for users with the administrator role, e.g. all about the user and admin workspaces. -- The [Hosting Guide](/docs/hosting/) contains all the technical information related to the setup and update of your passbolt self-hosted server. +- The [Hosting Guide](/docs/hosting/) contains all the technical information related to the setup and update of your Passbolt self-hosted server. - The [User Guide](/docs/user/) contains all about the functionalities available to every users. - The [API Guide](/docs/api/) contains low-level and detailed information related to the different endpoints of the backend API. - The [Contribute Guide](/docs/contribute/) contains information about how you can contribute to Passbolt in different ways. -If you are new to passbolt you can get some introduction in the next section, otherwise feel free to peruse and find - what you are looking for using the navigation on the left. \ No newline at end of file +If you are new to Passbolt you can get some introduction in the next section, otherwise feel free to peruse and find + what you are looking for using the navigation on the left. diff --git a/docs/hosting/_configuration/ssl/auto/_aws-ce.mdx b/docs/hosting/_configuration/ssl/auto/_aws-ce.mdx index f531316a..4c4a9596 100644 --- a/docs/hosting/_configuration/ssl/auto/_aws-ce.mdx +++ b/docs/hosting/_configuration/ssl/auto/_aws-ce.mdx @@ -10,8 +10,8 @@ You most likely want to say 'NO' to the mariadb/mysql setup question and go for Passbolt debian and ubuntu packages currently supports the configuration of nginx. It comes with a default configuration that supports: -- Serve passbolt on port 80 (http) -- Serve passbolt on port 443 (https) +- Serve Passbolt on port 80 (http) +- Serve Passbolt on port 443 (https) The following steps will guide you through the option that uses Let's encrypt method to enable SSL. @@ -45,7 +45,7 @@ Finally you will need to provide an email address for Let's encrypt to notify yo caption="fig. lets encrypt admin email" /> -If everything goes fine you should see a final message that points you to finish passbolt configuration: +If everything goes fine you should see a final message that points you to finish Passbolt configuration:
    -If everything goes fine you should see a final message that points you to finish passbolt configuration: +If everything goes fine you should see a final message that points you to finish Passbolt configuration:
    diff --git a/docs/hosting/_includes/ansible/_user-registration.mdx b/docs/hosting/_includes/ansible/_user-registration.mdx index 6dc167c1..a3da419b 100644 --- a/docs/hosting/_includes/ansible/_user-registration.mdx +++ b/docs/hosting/_includes/ansible/_user-registration.mdx @@ -4,7 +4,7 @@ import Figure from '/src/components/Figure/Figure'; #### Download the plugin -Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the next step. +Before continuing Passbolt will require you to download its plugin. If you already have it installed you can go to the next step.
    @@ -96,7 +96,7 @@ It will output a link similar to the below one that can be pasted on the browser https://my.domain.tld/setup/install/1eafab88-a17d-4ad8-97af-77a97f5ff552/f097be64-3703-41e2-8ea2-d59cbe1c15bc ``` -At this point, you should have a working docker setup running on the **latest** tag. However, it is recommended that users [pull the tags pointing to specific passbolt versions](https://hub.docker.com/r/passbolt/passbolt/tags) when running in environments other than testing. +At this point, you should have a working docker setup running on the **latest** tag. However, it is recommended that users [pull the tags pointing to specific Passbolt versions](https://hub.docker.com/r/passbolt/passbolt/tags) when running in environments other than testing. ## Going further diff --git a/docs/hosting/_includes/fromSource/_installation-steps.mdx b/docs/hosting/_includes/fromSource/_installation-steps.mdx index f0d8dc6d..cbcaf21f 100644 --- a/docs/hosting/_includes/fromSource/_installation-steps.mdx +++ b/docs/hosting/_includes/fromSource/_installation-steps.mdx @@ -35,7 +35,7 @@ mysql> CREATE DATABASE passbolt CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci #### Create a non-root user with according privilege -The database user should not be root, create a non-root user that have privileges on the passbolt database that has been created. +The database user should not be root, create a non-root user that have privileges on the Passbolt database that has been created. ```shell mysql> CREATE USER 'your_user'@'localhost' IDENTIFIED BY 'your_password'; @@ -75,7 +75,7 @@ You can get the server key fingerprint as follow: $ gpg --list-keys --fingerprint | grep -i -B 2 'email@domain.tld' ``` -Copy the public and private keys to the passbolt config location: +Copy the public and private keys to the Passbolt config location: ```shell $ gpg --armor --export-secret-keys email@domain.tld > /var/www/passbolt/config/gpg/serverkey_private.asc @@ -84,7 +84,7 @@ $ gpg --armor --export email@domain.tld > /var/www/passbolt/config/gpg/serverkey ### 5. Initialize the GPG keyring -You no longer need to be connected as www-data from now. In order for passbolt authentication to work your server key needs to be in the keyring used by the web server. +You no longer need to be connected as www-data from now. In order for Passbolt authentication to work your server key needs to be in the keyring used by the web server. ```shell $ sudo su -s /bin/bash -c "gpg --list-keys" www-data @@ -107,7 +107,7 @@ Depending on your setup it is possible that your composer command is named `comp If for some reason the command above fails because you don't have composer installed, you can check the [composer installation instructions](https://getcomposer.org/download/). -### 7. Create a passbolt configuration file +### 7. Create a Passbolt configuration file The name and values in the main configuration file have changed. Everything is now located in one file called `config/passbolt.php`. Do not copy your v1 configuration files, instead you need to create a new one: @@ -157,11 +157,11 @@ Depending on your needs there are two different options to setup nginx and SSL : Be sure to write down the full path to your cert/key combo, it will be needed later in the Nginx configuration process. -Please, notice that for security matters we highly recommend to setup SSL to serve passbolt. +Please, notice that for security matters we highly recommend to setup SSL to serve Passbolt. -#### Configure Nginx to serve passbolt +#### Configure Nginx to serve Passbolt -For Nginx to serve passbolt, you will need to set up a server block file : +For Nginx to serve Passbolt, you will need to set up a server block file : ```shell $ nano /etc/nginx/sites-enabled/passbolt.conf @@ -230,7 +230,7 @@ If you are running Passbolt 3.8.0 or higher version, you are able to configure y :::caution **You are running Passbolt CE < 3.8.0 ?** -For passbolt to be able to send emails, you must first configure properly the “EmailTransport” section in the +For Passbolt to be able to send emails, you must first configure properly the “EmailTransport” section in the `config/passbolt.php` file to match your provider smtp details. ::: diff --git a/docs/hosting/_includes/fromSource/_introduction-from-source.mdx b/docs/hosting/_includes/fromSource/_introduction-from-source.mdx index 11c87733..2aed9bf8 100644 --- a/docs/hosting/_includes/fromSource/_introduction-from-source.mdx +++ b/docs/hosting/_includes/fromSource/_introduction-from-source.mdx @@ -2,9 +2,9 @@ This tutorial is distribution agnostic. It details the installation steps at a high level, without taking into account the specifics related to each and every linux distribution. It is provided for reference only, -to demonstrate that it is possible to install passbolt from source. +to demonstrate that it is possible to install Passbolt from source. :::caution -This is NOT the recommended way to {`${props.type}`} passbolt. You will find guides to install passbolt on your distribution [here](/docs/hosting/install). +This is NOT the recommended way to {`${props.type}`} Passbolt. You will find guides to install Passbolt on your distribution [here](/docs/hosting/install). You should most likely not attempt this unless you are an advanced administrator with very specific needs in terms of server configuration. ::: diff --git a/docs/hosting/_includes/fromSource/_system-requirements.mdx b/docs/hosting/_includes/fromSource/_system-requirements.mdx index 7bcb91b3..dccdb14e 100644 --- a/docs/hosting/_includes/fromSource/_system-requirements.mdx +++ b/docs/hosting/_includes/fromSource/_system-requirements.mdx @@ -13,7 +13,7 @@ Maybe someone else has had your issue. If not, make a post and the community wil - PHP >= 8.2.0 :::danger -PHP 8.2.0 will be required from passbolt v5 +PHP 8.2.0 will be required from Passbolt v5 ::: - MariaDB >= 10.3 /Mysql >= 5.7 diff --git a/docs/hosting/_includes/helm/_helm-install-usage.mdx b/docs/hosting/_includes/helm/_helm-install-usage.mdx index 62ffe8e8..2a50ebbb 100644 --- a/docs/hosting/_includes/helm/_helm-install-usage.mdx +++ b/docs/hosting/_includes/helm/_helm-install-usage.mdx @@ -45,7 +45,7 @@ gpg --armor --export | base64 -w 0 You must configure also SMTP settings to be able to receive notifications and recovery emails. -For more information on which environment variables are available on passbolt, please check the [passbolt environment variable reference](https://help.passbolt.com/configure/environment/reference.html) +For more information on which environment variables are available on Passbolt, please check the [passbolt environment variable reference](https://help.passbolt.com/configure/environment/reference.html) :::note[Important] By default we have the ingress set to false, you'll need to decide diff --git a/docs/hosting/_includes/https/auto-common-images.mdx b/docs/hosting/_includes/https/auto-common-images.mdx index 2f579a8a..45ebcae6 100644 --- a/docs/hosting/_includes/https/auto-common-images.mdx +++ b/docs/hosting/_includes/https/auto-common-images.mdx @@ -1,10 +1,10 @@ import Figure from '@site/src/components/Figure/Figure'; -The passbolt debian based package currently supports the configuration of nginx. It comes with a default configuration that supports: +The Passbolt debian based package currently supports the configuration of nginx. It comes with a default configuration that supports: - - Serving passbolt on port 80 (http) - - Serving passbolt on port 443 (https) + - Serving Passbolt on port 80 (http) + - Serving Passbolt on port 443 (https) The following steps will guide you through the option that uses Let’s encrypt method to enable SSL. diff --git a/docs/hosting/_includes/https/deb-auto.mdx b/docs/hosting/_includes/https/deb-auto.mdx index 6681f0d7..cde67403 100644 --- a/docs/hosting/_includes/https/deb-auto.mdx +++ b/docs/hosting/_includes/https/deb-auto.mdx @@ -10,11 +10,11 @@ import SubDirectoryWarning from '/docs/hosting/_includes/warning/_subdirectory-h -### Install or reconfigure passbolt +### Install or reconfigure Passbolt -If you don’t have passbolt installed please check on the hosting section for more information on how to install passbolt on debian. +If you don’t have Passbolt installed please check on the hosting section for more information on how to install Passbolt on debian. -If you have already installed passbolt then you want to execute the following command to start the configuration process for SSL: +If you have already installed Passbolt then you want to execute the following command to start the configuration process for SSL: {`sudo dpkg-reconfigure passbolt-${props.productName.toLowerCase()}-server`} diff --git a/docs/hosting/_includes/https/deb-manual.mdx b/docs/hosting/_includes/https/deb-manual.mdx index ab5271b8..9aeb9ba9 100644 --- a/docs/hosting/_includes/https/deb-manual.mdx +++ b/docs/hosting/_includes/https/deb-manual.mdx @@ -8,17 +8,17 @@ import CertificateWarning from '/docs/hosting/_includes/warning/_passphrase-prot Passbolt debian and ubuntu packages currently supports the configuration of nginx. It comes with a default configuration that supports: - - Serve passbolt on port 80 (http) - - Serve passbolt on port 443 (https) + - Serve Passbolt on port 80 (http) + - Serve Passbolt on port 443 (https) On this context ‘manually’ means that the user will provide the SSL certificates, this is the main difference with the ‘auto’ method where [Let’s Encrypt](https://letsencrypt.org/) will issue the SSL certificate for you. -This manual method is often useful on private network installations with private CA where the system admin issues a new private SSL certificate and uploads it to the passbolt server. It is also a method often used with self-signed SSL certificates for test installations. +This manual method is often useful on private network installations with private CA where the system admin issues a new private SSL certificate and uploads it to the Passbolt server. It is also a method often used with self-signed SSL certificates for test installations. -On this example we will assume the user is generating a self-signed certificate on the passbolt server. +On this example we will assume the user is generating a self-signed certificate on the Passbolt server. ## Generate the SSL certificate -While connected to your passbolt instance you can generate a SSL certificate in the following way: +While connected to your Passbolt instance you can generate a SSL certificate in the following way: {`openssl req -x509 \\ -newkey rsa:4096 \\ @@ -32,17 +32,17 @@ While connected to your passbolt instance you can generate a SSL certificate in This command will output two files: `key.pem` and `cert.pem`. Identify the absolute path where these files are located as you will need them in next steps. -Of course, replace `-subj` values with your own. It is important to set your passbolt FQDN in both `CN` and `subjectAltName`. In this way, you will be able to import the generated certificate in your operating system keychain and make your self-signed domain trusted in your browser. +Of course, replace `-subj` values with your own. It is important to set your Passbolt FQDN in both `CN` and `subjectAltName`. In this way, you will be able to import the generated certificate in your operating system keychain and make your self-signed domain trusted in your browser. :::important[Pro tip:] You can use an IP address instead of a domain name for your self-signed certificate. If you do that, replace DNS with IP in `subjectAltName`. ::: -## Install or reconfigure passbolt +## Install or reconfigure Passbolt -If you don’t have passbolt installed please check on the hosting section for more information on how to install passbolt on debian. +If you don’t have Passbolt installed please check on the hosting section for more information on how to install Passbolt on debian. -If you have already installed passbolt then you want to execute the following command to start the configuration process for SSL: +If you have already installed Passbolt then you want to execute the following command to start the configuration process for SSL: {`sudo dpkg-reconfigure passbolt-${props.productName.toLowerCase()}-server`} @@ -92,7 +92,7 @@ Choose ‘manual’ for the SSL setup method: -Provide the domain name you plan to use for your passbolt server. On this example and as we are using a self-signed certificate the domain name is not as important as if you are planning to use a proper SSL certificate. In the later escenario DNS domain name and SSL domain name must match. +Provide the domain name you plan to use for your Passbolt server. On this example and as we are using a self-signed certificate the domain name is not as important as if you are planning to use a proper SSL certificate. In the later escenario DNS domain name and SSL domain name must match. <> {props.productName == 'PRO' && (
    installation documentation, you should have defined `db` and `passbolt` services for your passbolt stack. +If you have followed our installation documentation, you should have defined `db` and `passbolt` services for your Passbolt stack. To handle HTTPS setup with Let’s Encrypt, add a traefik service as follow: @@ -38,7 +38,7 @@ services: Traefik will: - - act as a proxy in front of passbolt service, that’s why we defined ports 80 and 443. + - act as a proxy in front of Passbolt service, that’s why we defined ports 80 and 443. - handle Let’s Encrypt certificates renew. ## Configuration files @@ -138,9 +138,9 @@ In the `conf` folder, create 2 files: `traefik.yaml`, `conf/headers.yaml` and `conf/tls.yaml` will be mounted inside traefik container. -## Handle passbolt with Traefik +## Handle Passbolt with Traefik -To make Traefik redirect incoming requests to passbolt, edit the `passbolt` service as follow: +To make Traefik redirect incoming requests to Passbolt, edit the `passbolt` service as follow: **Step 1.** As traefik will handle the HTTPS connection, remove the ports definition for the `passbolt` service @@ -187,4 +187,4 @@ services: That’s it -Launch `docker compose up -d` and you should be able to reach passbolt with HTTPS and a Let’s Encrypt certificate. The renewal of the certificate will be handled automatically by Traefik daemon. +Launch `docker compose up -d` and you should be able to reach Passbolt with HTTPS and a Let’s Encrypt certificate. The renewal of the certificate will be handled automatically by Traefik daemon. diff --git a/docs/hosting/_includes/https/docker-manual.mdx b/docs/hosting/_includes/https/docker-manual.mdx index 411cb3e7..3f44cd09 100644 --- a/docs/hosting/_includes/https/docker-manual.mdx +++ b/docs/hosting/_includes/https/docker-manual.mdx @@ -13,7 +13,7 @@ import CertificateWarning from '/docs/hosting/_includes/warning/_passphrase-prot -You need to bind-mount your certificates inside passbolt container to use them. +You need to bind-mount your certificates inside Passbolt container to use them. Create a certs folder and put your certificates there: @@ -23,10 +23,10 @@ mv /path/to/your/certificate.crt certs/cert.pem mv /path/to/your/certificate.key certs/key.pem`} -The bind-mount configuration will differ depending which passbolt image you are using. +The bind-mount configuration will differ depending which Passbolt image you are using. ### Standard images -If you are using standard passbolt image, add your certificates in the volumes definition of the passbolt service and ensure ports are well mapped: +If you are using standard Passbolt image, add your certificates in the volumes definition of the Passbolt service and ensure ports are well mapped: {`version: '3.7' diff --git a/docs/hosting/_includes/https/nginx-success.mdx b/docs/hosting/_includes/https/nginx-success.mdx index ad92f4e5..f782ef11 100644 --- a/docs/hosting/_includes/https/nginx-success.mdx +++ b/docs/hosting/_includes/https/nginx-success.mdx @@ -1,7 +1,7 @@ import Figure from '@site/src/components/Figure/Figure'; -If everything goes fine you should see a final message that points you to finish passbolt configuration: +If everything goes fine you should see a final message that points you to finish Passbolt configuration:
    -Replace the underscore with your passbolt domain name: +Replace the underscore with your Passbolt domain name: {`server_name passbolt.domain.tld;`} -## Reconfigure passbolt +## Reconfigure Passbolt Execute this command: {`sudo dpkg-reconfigure passbolt-${props.productName.toLowerCase()}-server`} -You most likely want to say ‘NO’ to the mariadb/mysql setup question and go for the nginx setup \ No newline at end of file +You most likely want to say ‘NO’ to the mariadb/mysql setup question and go for the nginx setup diff --git a/docs/hosting/_includes/https/rpm-manual.mdx b/docs/hosting/_includes/https/rpm-manual.mdx index ac27bba8..b5171f9e 100644 --- a/docs/hosting/_includes/https/rpm-manual.mdx +++ b/docs/hosting/_includes/https/rpm-manual.mdx @@ -4,14 +4,14 @@ import CertificateWarning from '/docs/hosting/_includes/warning/_passphrase-prot -If you are reconfiguring passbolt you most likely want to say **‘NO’** to the mariadb or havaged setup questions and go for the nginx setup +If you are reconfiguring Passbolt you most likely want to say **‘NO’** to the mariadb or havaged setup questions and go for the nginx setup ## MariaDB / Nginx / SSL settings Passbolt {props.productName} RPM package on come with a configuration helper tool to prepare MariaDB, Nginx and SSL settings. You must prepare your SSL certificates before launching the tool. Be sure to write down the full path to your cert/key combo, as it will be needed in the nginx configuration process. -Please, notice that for security matters we highly recommend to setup SSL to serve passbolt. +Please, notice that for security matters we highly recommend to setup SSL to serve Passbolt. Launch passbolt-configure tool and answer to the questions: @@ -21,7 +21,7 @@ Launch passbolt-configure tool and answer to the questions: ## Nginx -Please enter the domain name under which passbolt will run. +Please enter the domain name under which Passbolt will run. :::important[Note] This hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let’s encrypt if you don’t have your own SSL certificates. diff --git a/docs/hosting/_includes/migrate/docker/_prerequisites.mdx b/docs/hosting/_includes/migrate/docker/_prerequisites.mdx index 11fa6ed1..59a58e0f 100644 --- a/docs/hosting/_includes/migrate/docker/_prerequisites.mdx +++ b/docs/hosting/_includes/migrate/docker/_prerequisites.mdx @@ -9,7 +9,7 @@ For this tutorial, you will need: ## Backup the existing data -Prior to the migration you will need to backup the existing passbolt instance data. Please refer to [the official backup documentations](/hosting/backup/). +Prior to the migration you will need to backup the existing Passbolt instance data. Please refer to [the official backup documentations](/hosting/backup/). Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. @@ -62,7 +62,7 @@ This means you just have to mount your database backup file on `/docker-entrypoi ### Set your GPG server keys fingerprint and email -In the scope of a migration to docker, you need to add 2 environment variables to the passbolt service +In the scope of a migration to docker, you need to add 2 environment variables to the Passbolt service related to the GPG server keys fingerprint and email address. Get them from your backed up keys: @@ -89,7 +89,7 @@ services: ### Start your containers -You can now start your database and passbolt containers, your database will be restored at the database container start. +You can now start your database and Passbolt containers, your database will be restored at the database container start. ### Restore GPG server keys @@ -111,5 +111,5 @@ docker exec -it your-passbolt-container chmod 440 /etc/passbolt/gpg/serverkey_pr ### That's it -If your passbolt URL has changed, you will have to proceed to the same process than when setting up the browser +If your Passbolt URL has changed, you will have to proceed to the same process than when setting up the browser extension on a new browser aka, follow the [account recovery](/user/quickstart/browser/setup-on-another-machine/) process. diff --git a/docs/hosting/_includes/migrate/migration-data.mdx b/docs/hosting/_includes/migrate/migration-data.mdx index 07ca710a..d0f78622 100644 --- a/docs/hosting/_includes/migrate/migration-data.mdx +++ b/docs/hosting/_includes/migrate/migration-data.mdx @@ -103,7 +103,7 @@ sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc`} @@ -111,10 +111,10 @@ sudo chmod 440 /etc/passbolt/gpg/serverkey_private.asc`} -Try to access your passbolt application with your browser. +Try to access your Passbolt application with your browser. If you are encountering any issues, you can run the following command to assess the status of your instance: diff --git a/docs/hosting/_includes/migrate/migration-requirements.mdx b/docs/hosting/_includes/migrate/migration-requirements.mdx index 33d8daad..644273c8 100644 --- a/docs/hosting/_includes/migrate/migration-requirements.mdx +++ b/docs/hosting/_includes/migrate/migration-requirements.mdx @@ -1,5 +1,5 @@ <> -

    This document describes how to migrate an existing passbolt to a new {props.distributionLabel} server.

    +

    This document describes how to migrate an existing Passbolt to a new {props.distributionLabel} server.

    ## Pre-requisites @@ -12,7 +12,7 @@ For this tutorial, you will need: ## Backup the existing data -Prior to the migration you will need to backup the existing passbolt instance data. Please refer to [the official backup documentations](/hosting/backup/). +Prior to the migration you will need to backup the existing Passbolt instance data. Please refer to [the official backup documentations](/hosting/backup/). Depending on your SSL configuration you might need to copy the certificate and key from the existing instance. If you are using let’s encrypt you can continue you’ll configure it later directly in the new server. diff --git a/docs/hosting/_includes/migrate/migration-setup.mdx b/docs/hosting/_includes/migrate/migration-setup.mdx index f1fbef9a..89634d75 100644 --- a/docs/hosting/_includes/migrate/migration-setup.mdx +++ b/docs/hosting/_includes/migrate/migration-setup.mdx @@ -21,7 +21,7 @@ import OpenSUSEGPGKey from '/docs/hosting/_includes/OpenSUSE/_opensuse-gpg-key.m {`sha512sum -c passbolt-${props.productName.toLowerCase()}-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.${props.productName.toLowerCase()}.sh || echo "Bad checksum. Aborting" && rm -f passbolt-repo-setup.${props.productName.toLowerCase()}.sh`} -## Install passbolt official linux package +## Install Passbolt official linux package {`sudo ${props.distributionPackage.toLowerCase()} install passbolt-${props.productName.toLowerCase()}-server`} diff --git a/docs/hosting/_includes/migrate/scripts/_copy-configuration.mdx b/docs/hosting/_includes/migrate/scripts/_copy-configuration.mdx index 5532d985..75cc6f59 100644 --- a/docs/hosting/_includes/migrate/scripts/_copy-configuration.mdx +++ b/docs/hosting/_includes/migrate/scripts/_copy-configuration.mdx @@ -10,9 +10,9 @@ sudo chown -R root:${props.webServerUser} /etc/passbolt/gpg sudo chmod g-w /etc/passbolt/gpg`} -### 5.2. Copy the passbolt configuration +### 5.2. Copy the Passbolt configuration -Copy passbolt configuration as following: +Copy Passbolt configuration as following: {`sudo cp /var/www/passbolt/config/passbolt.php /etc/passbolt/passbolt.php sudo chown root:${props.webServerUser} /etc/passbolt/passbolt.php @@ -134,7 +134,7 @@ You may also want to check for the old CRON job that may need to be removed: ## Bring your site back online -Finally take passbolt back up: +Finally take Passbolt back up: {`sudo systemctl start nginx diff --git a/docs/hosting/_includes/migrate/scripts/_migrate-from-script-to-package.mdx b/docs/hosting/_includes/migrate/scripts/_migrate-from-script-to-package.mdx index c7fdb4e2..1ff67536 100644 --- a/docs/hosting/_includes/migrate/scripts/_migrate-from-script-to-package.mdx +++ b/docs/hosting/_includes/migrate/scripts/_migrate-from-script-to-package.mdx @@ -1,7 +1,7 @@ import CodeBlock from "/src/components/CodeBlock/CodeBlock"; import Link from '@docusaurus/Link'; -

    A {props.distributionLabel} package has been created to increase the ease of installing and upgrading passbolt.

    +

    A {props.distributionLabel} package has been created to increase the ease of installing and upgrading Passbolt.

    ## Pre-requisites @@ -30,7 +30,7 @@ You can follow our [backup process](/hosting/backup/). Passbolt requires PHP 8.2. -

    A full system upgrade to {props.distributionLabel} {props.distributionVersion} is necessary before installing the passbolt {props.distributionLabel} package.

    +

    A full system upgrade to {props.distributionLabel} {props.distributionVersion} is necessary before installing the Passbolt {props.distributionLabel} package.

    <> {(props.distributionPackage === 'dnf' || props.distributionPackage === 'yum') ? ( diff --git a/docs/hosting/_includes/ova/_setup.mdx b/docs/hosting/_includes/ova/_setup.mdx index 63b1ba9d..a0cde998 100644 --- a/docs/hosting/_includes/ova/_setup.mdx +++ b/docs/hosting/_includes/ova/_setup.mdx @@ -12,7 +12,7 @@ Download the ova and the SHA512SUM.txt: Import the ova file using virtualbox, vmware (ESXi >= 6.0) or any other platform that supports import OVA files. -Once imported, it is highly recommanded to check if the VM is actually running as Debian (64-bit). In order to do that, just open VM's settings and it should show on which version it is running on. Now, you should be able to boot the VM and just point to the VM ip address with their web browser to initiate the passbolt install process. +Once imported, it is highly recommanded to check if the VM is actually running as Debian (64-bit). In order to do that, just open VM's settings and it should show on which version it is running on. Now, you should be able to boot the VM and just point to the VM ip address with their web browser to initiate the Passbolt install process. ### 1.2 Credentials @@ -21,7 +21,7 @@ The appliance performs some actions on the first boot: - Creates ssh host keys - Enables ssh - Creates a set of random mariadb credentials for the mariadb server installed on the appliance -- Creates an empty database where passbolt can be installed. +- Creates an empty database where Passbolt can be installed. For the first login the appliance comes with the following ssh default credentials: @@ -50,7 +50,7 @@ You will need to create a file containing the subscription key in */etc/passbolt
    -

    When it comes to SSL, the virtual appliance uses passbolt debian package. Depending on your needs there are two different options to setup HTTPS:

    +

    When it comes to SSL, the virtual appliance uses Passbolt debian package. Depending on your needs there are two different options to setup HTTPS:

    • Auto (Using Let's Encrypt) diff --git a/docs/hosting/_includes/package/_aws-ami-installation.mdx b/docs/hosting/_includes/package/_aws-ami-installation.mdx index 8e895c4e..04c43d55 100644 --- a/docs/hosting/_includes/package/_aws-ami-installation.mdx +++ b/docs/hosting/_includes/package/_aws-ami-installation.mdx @@ -1,7 +1,7 @@ import Figure from '/src/components/Figure/Figure'; import Link from '@docusaurus/Link'; -Passbolt Amazon Machine Image (AMI) provides a ready to use passbolt image that you can +Passbolt Amazon Machine Image (AMI) provides a ready to use Passbolt image that you can use for free on your Amazon Web Services infrastructure. The AMI includes the following software: diff --git a/docs/hosting/_includes/package/_configure-debian-package-mariadb.mdx b/docs/hosting/_includes/package/_configure-debian-package-mariadb.mdx index 60a3f872..0002e66d 100644 --- a/docs/hosting/_includes/package/_configure-debian-package-mariadb.mdx +++ b/docs/hosting/_includes/package/_configure-debian-package-mariadb.mdx @@ -2,11 +2,11 @@ import Figure from '/src/components/Figure/Figure'; ## Configure {props.databaseEngine} :::tip -If you prefer installing passbolt with Postgres, you can follow our dedicated [configuration guide](/hosting/configure/database/configure-database/postgres/#debian-ubuntu). +If you prefer installing Passbolt with Postgres, you can follow our dedicated [configuration guide](/hosting/configure/database/configure-database/postgres/#debian-ubuntu). ::: -If not instructed otherwise passbolt {props.distributionLabel} package will install {props.databaseEngine}-server locally. This step will help you create -an empty {props.databaseEngine} database for passbolt to use. +If not instructed otherwise Passbolt {props.distributionLabel} package will install {props.databaseEngine}-server locally. This step will help you create +an empty {props.databaseEngine} database for Passbolt to use.
      Now we need to create a {props.databaseEngine} user with reduced permissions - for passbolt to connect. These values will also be requested later on the - webconfiguration tool of passbolt so please keep them in mind. + for Passbolt to connect. These values will also be requested later on the + webconfiguration tool of Passbolt so please keep them in mind.
      -Lastly we need to create a database for passbolt to use, for that we need to name it: +Lastly we need to create a database for Passbolt to use, for that we need to name it:
      @@ -40,16 +40,16 @@ Please enter a new password for the root database user: MariaDB Root Password: **** MariaDB Root Password (verify): **** ====================================================== -Please enter a name for the passbolt database username +Please enter a name for the Passbolt database username ====================================================== Passbolt database user name:passboltuser ======================================================= -Please enter a new password for the mysql passbolt user +Please enter a new password for the mysql Passbolt user ======================================================= -MariaDB passbolt user password: **** -MariaDB passbolt user password (verify): **** +MariaDB Passbolt user password: **** +MariaDB Passbolt user password (verify): **** ============================================== -Please enter a name for the passbolt database: +Please enter a name for the Passbolt database: ============================================== Passbolt database name:passboltdb`} @@ -71,7 +71,7 @@ Install Haveged ? ### Nginx -Please enter the domain name under which passbolt will run. +Please enter the domain name under which Passbolt will run. Note this hostname will be used as server_name for nginx and as the domain name to register a SSL certificate with let's encrypt if you don't have your own SSL certificates. diff --git a/docs/hosting/_includes/package/_digital-ocean-installation.mdx b/docs/hosting/_includes/package/_digital-ocean-installation.mdx index 941e3f42..5b8a3221 100644 --- a/docs/hosting/_includes/package/_digital-ocean-installation.mdx +++ b/docs/hosting/_includes/package/_digital-ocean-installation.mdx @@ -3,24 +3,24 @@ import WizardConfiguration from '/docs/hosting/_includes/wizard/_server.mdx'; import AdminConfiguration from '/docs/hosting/_includes/wizard/_admin.mdx'; import Link from '@docusaurus/Link'; -Since march 2019 it is possible to install passbolt easily directly from Digital Ocean. -Digital Ocean is an hosting provider based in the USA. In order to run passbolt +Since march 2019 it is possible to install Passbolt easily directly from Digital Ocean. +Digital Ocean is an hosting provider based in the USA. In order to run Passbolt you will need the following: - A Digital Ocean account -- A domain name for example passbolt.yourdomain.com -- Some level of access to point your DNS records to the new passbolt server +- A domain name for example Passbolt.yourdomain.com +- Some level of access to point your DNS records to the new Passbolt server ## 1. Create the droplet in Digital Ocean The first step is to login in [Digital Ocean](https://cloud.digitalocean.com) (or create and setup an account). -You can then head to Marketplace and search for passbolt. +You can then head to Marketplace and search for Passbolt. It is recommended at the point that you have domain name (or subdomain). It is not mandatory but -highly encouraged. Since passbolt web extension is tied to a domain name it will be easier to get +highly encouraged. Since Passbolt web extension is tied to a domain name it will be easier to get it right upfront rather than using the IP address and changing the proper domain name later. -Go to the marketplace and search for passbolt, select the card and click on create +Go to the marketplace and search for Passbolt, select the card and click on create droplet.
      ### 2. Backup your database -It is recommended to always perform a backup of your passbolt installation. Please check the backup article +It is recommended to always perform a backup of your Passbolt installation. Please check the backup article ### 3. Upgrade your system diff --git a/docs/hosting/_includes/package/_upgrade-process.mdx b/docs/hosting/_includes/package/_upgrade-process.mdx index b3520262..448fd311 100644 --- a/docs/hosting/_includes/package/_upgrade-process.mdx +++ b/docs/hosting/_includes/package/_upgrade-process.mdx @@ -1,6 +1,6 @@ import CodeBlock from '@site/src/components/CodeBlock/CodeBlock'; -## Upgrade passbolt +## Upgrade Passbolt :::warning While this documentation provides guidance on upgrading your Passbolt instance from CE to PRO, we highly recommend considering a [migration to a new server](/hosting/migrate/server/). This approach ensures a cleaner transition and avoids potential issues that may persist from your current setup. @@ -15,7 +15,7 @@ While this documentation provides guidance on upgrading your Passbolt instance f ### 2. Backup your database -It is recommended to always perform a backup of your passbolt installation. Please check the [backup article](/hosting/backup/from-packages/) +It is recommended to always perform a backup of your Passbolt installation. Please check the [backup article](/hosting/backup/from-packages/) ### 3. Upload your subscription key @@ -26,7 +26,7 @@ You should copy your subscription key to `/etc/passbolt/subscription_key.txt` an sudo chmod 640 /etc/passbolt/subscription_key.txt`} -### 4. Uninstall passbolt CE +### 4. Uninstall Passbolt CE Passbolt CE package should be removed prior to installing Passbolt Pro. @@ -34,7 +34,7 @@ Passbolt CE package should be removed prior to installing Passbolt Pro. -### 5. Upgrade passbolt package repository +### 5. Upgrade Passbolt package repository For easier installation and update tasks Passbolt provides a package repository that you need to setup before you download Passbolt PRO and install it. @@ -53,7 +53,7 @@ __Step 3.__ Ensure that the script is valid and execute it: {`sha512sum -c passbolt-pro-SHA512SUM.txt && sudo bash ./passbolt-repo-setup.pro.sh --passbolt-migrate || echo "Bad checksum. Aborting" && rm -f passbolt-repo-setup.pro.sh`} -### 6. Install passbolt PRO +### 6. Install Passbolt PRO Now you can install the Passbolt Pro package. @@ -63,7 +63,7 @@ Now you can install the Passbolt Pro package. <> {props.distributionPackage == 'apt' && (
      -

      As you have already configured passbolt CE, and Passbolt Pro relies on the same configuration, you should reply:

      +

      As you have already configured Passbolt CE, and Passbolt Pro relies on the same configuration, you should reply:

      • No for MariaDB configuration
      • No to NGINX configuration
        • diff --git a/docs/hosting/_includes/warning/_apt-mysql-warning.mdx b/docs/hosting/_includes/warning/_apt-mysql-warning.mdx index dfb2565b..eba29cca 100644 --- a/docs/hosting/_includes/warning/_apt-mysql-warning.mdx +++ b/docs/hosting/_includes/warning/_apt-mysql-warning.mdx @@ -1,3 +1,3 @@ :::info -Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That's why we are suggesting to manually upgrade passbolt prior to system upgrade -::: \ No newline at end of file +Sometimes, while updating when there is also an update to MySQL/MariaDB you will get an error on the upgrade step. That's why we are suggesting to manually upgrade Passbolt prior to system upgrade +::: diff --git a/docs/hosting/_includes/warning/_subdirectory-https-warning.mdx b/docs/hosting/_includes/warning/_subdirectory-https-warning.mdx index 454993af..077ac5da 100644 --- a/docs/hosting/_includes/warning/_subdirectory-https-warning.mdx +++ b/docs/hosting/_includes/warning/_subdirectory-https-warning.mdx @@ -1,3 +1,3 @@ :::warning -This configuration does not support serving passbolt on a subdirectory fashion. For example, scenarios like https://mydomain.com/passbolt are not supported by default -::: \ No newline at end of file +This configuration does not support serving Passbolt on a subdirectory fashion. For example, scenarios like https://mydomain.com/passbolt are not supported by default +::: diff --git a/docs/hosting/_includes/wizard/_admin.mdx b/docs/hosting/_includes/wizard/_admin.mdx index 2b408fcf..b88b71bb 100644 --- a/docs/hosting/_includes/wizard/_admin.mdx +++ b/docs/hosting/_includes/wizard/_admin.mdx @@ -5,7 +5,7 @@ import Counter from '/docs/components/counter'; -Before continuing passbolt will require you to download its plugin. If you already have it installed you can go to the next step. +Before continuing Passbolt will require you to download its plugin. If you already have it installed you can go to the next step.
        -Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing attacks. Each time you are performing a sensitive operation on passbolt, you should see this token. +Choosing a color and a three characters token is a secondary security mechanism that helps you to mitigate phishing attacks. Each time you are performing a sensitive operation on Passbolt, you should see this token.
        -Your administrator account is configured. You will be redirected to the login page of passbolt. Enjoy! +Your administrator account is configured. You will be redirected to the login page of Passbolt. Enjoy! diff --git a/docs/hosting/_includes/wizard/_server.mdx b/docs/hosting/_includes/wizard/_server.mdx index e6eb69d3..b872b423 100644 --- a/docs/hosting/_includes/wizard/_server.mdx +++ b/docs/hosting/_includes/wizard/_server.mdx @@ -4,9 +4,9 @@ import Counter from '/docs/components/counter'; import Link from '@docusaurus/Link'; import DigitalOceanSMTPWarning from '/docs/hosting/_includes/warning/_digital-ocean-smtp.mdx'; -## 2. Configure passbolt +## 2. Configure Passbolt -Before you can use the application, you need to configure it. Point your browser to the hostname / ip where passbolt +Before you can use the application, you need to configure it. Point your browser to the hostname / ip where Passbolt can be reached. You will reach a getting started page.
        -The first page of the wizard will tell you if your environment is ready for passbolt. Solve issues if any and click on +The first page of the wizard will tell you if your environment is ready for Passbolt. Solve issues if any and click on "Start configuration" when ready. <> @@ -100,7 +100,7 @@ The first page of the wizard will tell you if your environment is ready for pass Optional: In case you do not want to use the autogenerated mariadb credentials you could connect through ssh to your instance and use the mariadb root credentials to create a new user, password and - database for passbolt to use: + database for Passbolt to use: 

                 ssh admin@your_domain|instance_ip
@@ -122,7 +122,7 @@ The first page of the wizard will tell you if your environment is ready for pass
     <>
       
       
        
-        This step is about telling passbolt which database to use. Enter the
+        This step is about telling Passbolt which database to use. Enter the
         host name, port number, database name, username and password.
       
        
       {props.productLabel === 'CE' ? (
@@ -148,7 +148,7 @@ The first page of the wizard will tell you if your environment is ready for pass
 
 
 
-In this section you can either generate or import a GPG key pair. This key pair will be used by passbolt API to authenticate itself during the login handshake process.
+In this section you can either generate or import a GPG key pair. This key pair will be used by Passbolt API to authenticate itself during the login handshake process.
 Generate a key if you don't have one.
 
 <>
@@ -240,7 +240,7 @@ You can also test that your configuration is correct by using the test email fea
 
 
 
-The wizard will then ask you what preferences you prefer for your instance of passbolt. The recommended defaults are already pre-populated but you can also change them if you know what you are doing.
+The wizard will then ask you what preferences you prefer for your instance of Passbolt. The recommended defaults are already pre-populated but you can also change them if you know what you are doing.
 
 <>
   {props.productLabel === 'CE' ? (
@@ -288,7 +288,7 @@ You need to create the first admin user account. This first admin user is probab
 
 
 
-That's it. The wizard has now enough information to proceed with the configuration of passbolt. Sit back and relax for a few seconds while the configuration process is going on.
+That's it. The wizard has now enough information to proceed with the configuration of Passbolt. Sit back and relax for a few seconds while the configuration process is going on.
 
 <>
   {props.productLabel === 'CE' ? (
@@ -338,19 +338,19 @@ Your user account is now created. You will see a redirection page for a few seco
       switch (props.distributionLabel) {
         case 'Virtual Appliance':
           return (
-            
        Passbolt Pro VM uses passbolt debian package. Depending on your needs there are two different options to setup nginx and SSL using the debian package:
        
+            
        Passbolt Pro VM uses Passbolt debian package. Depending on your needs there are two different options to setup nginx and SSL using the debian package:
        
           );
         case 'Digital Ocean':
           return (
-            
        Passbolt Digital Ocean uses passbolt ubuntu package. Depending on your needs there are two different options to setup nginx and SSL using the ubuntu package:
        
+            
        Passbolt Digital Ocean uses Passbolt ubuntu package. Depending on your needs there are two different options to setup nginx and SSL using the ubuntu package:
        
           );
         case 'Ubuntu':
           return (
-            
        Passbolt uses passbolt ubuntu package. Depending on your needs there are two different options to setup nginx and SSL using the ubuntu package:
        
+            
        Passbolt uses Passbolt ubuntu package. Depending on your needs there are two different options to setup nginx and SSL using the ubuntu package:
        
           );
         case 'Debian':
           return (
-            
        Passbolt uses passbolt debian package. Depending on your needs there are two different options to setup nginx and SSL using the Debian package:
        
+            
        Passbolt uses Passbolt debian package. Depending on your needs there are two different options to setup nginx and SSL using the Debian package:
        
           );
         default:
           return (
diff --git a/docs/hosting/backup/from-packages.mdx b/docs/hosting/backup/from-packages.mdx
index 8a9077bb..53c946a7 100644
--- a/docs/hosting/backup/from-packages.mdx
+++ b/docs/hosting/backup/from-packages.mdx
@@ -29,7 +29,7 @@ There are also several elements you need to backup:
 
 ### 1. The database
 
-We made a dedicated command in order to make a backup of the database, it uses mysqldump but we recommend to use the passbolt command as it has been made to avoid any pasting or logins details errors.
+We made a dedicated command in order to make a backup of the database, it uses mysqldump but we recommend to use the Passbolt command as it has been made to avoid any pasting or logins details errors.
 
 
   
diff --git a/docs/hosting/backup/from-sources.mdx b/docs/hosting/backup/from-sources.mdx
index bd993d4b..a2aea9f7 100644
--- a/docs/hosting/backup/from-sources.mdx
+++ b/docs/hosting/backup/from-sources.mdx
@@ -26,7 +26,7 @@ There are also several elements you need to backup:
 
 ### 1. The database
 
-We made a dedicated command in order to make a backup of the database, it uses mysqldump but we recommend to use the passbolt command as it has been made to avoid any pasting or logins details errors.
+We made a dedicated command in order to make a backup of the database, it uses mysqldump but we recommend to use the Passbolt command as it has been made to avoid any pasting or logins details errors.
 
 __Replace `WEB_SERVER_USER` with the correct one__. Depending on your OS, it could be nginx, www-data, etc.
 ```bash
diff --git a/docs/hosting/configure/database/configure-database/mysql.mdx b/docs/hosting/configure/database/configure-database/mysql.mdx
index d23f90e9..9361dbdd 100644
--- a/docs/hosting/configure/database/configure-database/mysql.mdx
+++ b/docs/hosting/configure/database/configure-database/mysql.mdx
@@ -12,5 +12,5 @@ import Chips from "/src/components/Chips/Chips";
      :::tip[pro tip] -Passbolt install MySQL as the default database management system, as detailed in the [installation guides](/hosting/install). After the package is installed, the setup wizard will assist in configuring the MySQL database. When using Docker, passbolt is pre-configured with a MariaDB container, meaning no additional database configuration is required in this setup. +Passbolt install MySQL as the default database management system, as detailed in the [installation guides](/hosting/install). After the package is installed, the setup wizard will assist in configuring the MySQL database. When using Docker, Passbolt is pre-configured with a MariaDB container, meaning no additional database configuration is required in this setup. ::: diff --git a/docs/hosting/configure/database/configure-database/postgres.mdx b/docs/hosting/configure/database/configure-database/postgres.mdx index 1ccc827e..d3f6caa3 100644 --- a/docs/hosting/configure/database/configure-database/postgres.mdx +++ b/docs/hosting/configure/database/configure-database/postgres.mdx @@ -57,7 +57,7 @@ GRANT ALL PRIVILEGES ON SCHEMA public TO passbolt;`} 5. **Continue the installation of passbolt:** -You will need to navigate on your browser to the URL of your passbolt instance, from there, you will be able to configure the database section with Postgres instead of MySQL. +You will need to navigate on your browser to the URL of your Passbolt instance, from there, you will be able to configure the database section with Postgres instead of MySQL.
      -5. **Continue the installation of passbolt:** +5. **Continue the installation of Passbolt:** -You will need to navigate on your browser to the URL of your passbolt instance, from there, you will be able to configure the database section with Postgres instead of MySQL. +You will need to navigate on your browser to the URL of your Passbolt instance, from there, you will be able to configure the database section with Postgres instead of MySQL.
      - \ No newline at end of file + diff --git a/docs/hosting/configure/https/ce/debian-auto.mdx b/docs/hosting/configure/https/ce/debian-auto.mdx index 9eb66655..cc17055d 100644 --- a/docs/hosting/configure/https/ce/debian-auto.mdx +++ b/docs/hosting/configure/https/ce/debian-auto.mdx @@ -1,6 +1,6 @@ --- title: Debian/Ubuntu automatic HTTPS configuration -description: How to automatically configure HTTPS on your Debian/Ubuntu passbolt instance +description: How to automatically configure HTTPS on your Debian/Ubuntu Passbolt instance sidebar_label: Debian/Ubuntu Auto hide_table_of_contents: true --- @@ -10,4 +10,4 @@ import AutoCommonImages from '/docs/hosting/_includes/https/auto-common-images.m - \ No newline at end of file + diff --git a/docs/hosting/configure/https/ce/debian-manual.mdx b/docs/hosting/configure/https/ce/debian-manual.mdx index 1689eb5e..cf7a85a4 100644 --- a/docs/hosting/configure/https/ce/debian-manual.mdx +++ b/docs/hosting/configure/https/ce/debian-manual.mdx @@ -1,9 +1,9 @@ --- title: Debian/Ubuntu manual HTTPS configuration -description: How to manually configure HTTPS on your Debian/Ubuntu passbolt instance +description: How to manually configure HTTPS on your Debian/Ubuntu Passbolt instance sidebar_label: Debian/Ubuntu Manual hide_table_of_contents: true --- import DebManualHTTPS from '/docs/hosting/_includes/https/deb-manual.mdx' - \ No newline at end of file + diff --git a/docs/hosting/configure/https/ce/digital-ocean-auto.mdx b/docs/hosting/configure/https/ce/digital-ocean-auto.mdx index 39a978a4..480cc582 100644 --- a/docs/hosting/configure/https/ce/digital-ocean-auto.mdx +++ b/docs/hosting/configure/https/ce/digital-ocean-auto.mdx @@ -1,6 +1,6 @@ --- title: Digital Ocean automatic HTTPS configuration -description: How to automatically configure HTTPS on your Digital Ocean passbolt instance +description: How to automatically configure HTTPS on your Digital Ocean Passbolt instance sidebar_label: Digital Ocean Auto hide_table_of_contents: true --- @@ -12,4 +12,4 @@ import DigitalOceanAuto from '/docs/hosting/_includes/https/digital-ocean-auto.m - \ No newline at end of file + diff --git a/docs/hosting/configure/https/ce/docker-auto.mdx b/docs/hosting/configure/https/ce/docker-auto.mdx index e17532d3..92627a94 100644 --- a/docs/hosting/configure/https/ce/docker-auto.mdx +++ b/docs/hosting/configure/https/ce/docker-auto.mdx @@ -1,9 +1,9 @@ --- title: Docker automatic HTTPS configuration -description: How to automatically configure HTTPS on your Docker passbolt instance +description: How to automatically configure HTTPS on your Docker Passbolt instance sidebar_label: Docker Auto hide_table_of_contents: true --- import DockerAutoHTTPS from '/docs/hosting/_includes/https/docker-auto.mdx' - \ No newline at end of file + diff --git a/docs/hosting/configure/https/ce/docker-manual.mdx b/docs/hosting/configure/https/ce/docker-manual.mdx index 9180e472..7aef4902 100644 --- a/docs/hosting/configure/https/ce/docker-manual.mdx +++ b/docs/hosting/configure/https/ce/docker-manual.mdx @@ -1,9 +1,9 @@ --- title: Docker manual HTTPS configuration -description: How to manually configure HTTPS on your Docker passbolt instance +description: How to manually configure HTTPS on your Docker Passbolt instance sidebar_label: Docker Manual hide_table_of_contents: true --- import DockerManualHTTPS from '/docs/hosting/_includes/https/docker-manual.mdx' - \ No newline at end of file + diff --git a/docs/hosting/configure/https/ce/rpm-manual.mdx b/docs/hosting/configure/https/ce/rpm-manual.mdx index 77a48b19..cc5ce354 100644 --- a/docs/hosting/configure/https/ce/rpm-manual.mdx +++ b/docs/hosting/configure/https/ce/rpm-manual.mdx @@ -1,9 +1,9 @@ --- title: RPM based manual HTTPS configuration -description: How to manually configure HTTPS on your RPM based passbolt instance +description: How to manually configure HTTPS on your RPM based Passbolt instance sidebar_label: RPM Manual hide_table_of_contents: true --- import RpmManual from '/docs/hosting/_includes/https/rpm-manual.mdx' - \ No newline at end of file + diff --git a/docs/hosting/configure/https/pro/aws-auto.mdx b/docs/hosting/configure/https/pro/aws-auto.mdx index 61f1bd78..06692f4b 100644 --- a/docs/hosting/configure/https/pro/aws-auto.mdx +++ b/docs/hosting/configure/https/pro/aws-auto.mdx @@ -1,6 +1,6 @@ --- title: AWS automatic HTTPS configuration -description: How to automatically configure HTTPS on your AWS AMI passbolt instance +description: How to automatically configure HTTPS on your AWS AMI Passbolt instance sidebar_label: AWS Auto hide_table_of_contents: true --- diff --git a/docs/hosting/configure/https/pro/debian-auto.mdx b/docs/hosting/configure/https/pro/debian-auto.mdx index 87934f54..dc8e5259 100644 --- a/docs/hosting/configure/https/pro/debian-auto.mdx +++ b/docs/hosting/configure/https/pro/debian-auto.mdx @@ -1,6 +1,6 @@ --- title: Debian/Ubuntu automatic HTTPS configuration -description: How to automatically configure HTTPS on your Debian/Ubuntu passbolt instance +description: How to automatically configure HTTPS on your Debian/Ubuntu Passbolt instance sidebar_label: Debian/Ubuntu Auto hide_table_of_contents: true --- diff --git a/docs/hosting/configure/https/pro/debian-manual.mdx b/docs/hosting/configure/https/pro/debian-manual.mdx index c15c25ac..b97b14f4 100644 --- a/docs/hosting/configure/https/pro/debian-manual.mdx +++ b/docs/hosting/configure/https/pro/debian-manual.mdx @@ -1,9 +1,9 @@ --- title: Debian/Ubuntu manual HTTPS configuration -description: How to manually configure HTTPS on your Debian/Ubuntu passbolt instance +description: How to manually configure HTTPS on your Debian/Ubuntu Passbolt instance sidebar_label: Debian/Ubuntu Manual hide_table_of_contents: true --- import DebManualHTTPS from '/docs/hosting/_includes/https/deb-manual.mdx' - \ No newline at end of file + diff --git a/docs/hosting/configure/https/pro/docker-auto.mdx b/docs/hosting/configure/https/pro/docker-auto.mdx index 7a9b8e0d..38ea49f4 100644 --- a/docs/hosting/configure/https/pro/docker-auto.mdx +++ b/docs/hosting/configure/https/pro/docker-auto.mdx @@ -1,9 +1,9 @@ --- title: Docker automatic HTTPS configuration -description: How to automatically configure HTTPS on your Docker passbolt instance +description: How to automatically configure HTTPS on your Docker Passbolt instance sidebar_label: Docker Auto hide_table_of_contents: true --- import DockerAutoHTTPS from '/docs/hosting/_includes/https/docker-auto.mdx' - \ No newline at end of file + diff --git a/docs/hosting/configure/https/pro/docker-manual.mdx b/docs/hosting/configure/https/pro/docker-manual.mdx index ee306601..077a3a88 100644 --- a/docs/hosting/configure/https/pro/docker-manual.mdx +++ b/docs/hosting/configure/https/pro/docker-manual.mdx @@ -1,9 +1,9 @@ --- title: Docker manual HTTPS configuration -description: How to manually configure HTTPS on your Docker passbolt instance +description: How to manually configure HTTPS on your Docker Passbolt instance sidebar_label: Docker Manual hide_table_of_contents: true --- import DockerManualHTTPS from '/docs/hosting/_includes/https/docker-manual.mdx' - \ No newline at end of file + diff --git a/docs/hosting/configure/https/pro/ova-auto.mdx b/docs/hosting/configure/https/pro/ova-auto.mdx index 44927399..4dba2294 100644 --- a/docs/hosting/configure/https/pro/ova-auto.mdx +++ b/docs/hosting/configure/https/pro/ova-auto.mdx @@ -1,6 +1,6 @@ --- title: OVA automatic HTTPS configuration -description: How to automatically configure HTTPS on your OVA passbolt instance +description: How to automatically configure HTTPS on your OVA Passbolt instance sidebar_label: OVA Auto hide_table_of_contents: true --- @@ -13,4 +13,4 @@ import PreinstalledReconfigure from '/docs/hosting/_includes/https/preinstalled- - \ No newline at end of file + diff --git a/docs/hosting/configure/https/pro/rpm-manual.mdx b/docs/hosting/configure/https/pro/rpm-manual.mdx index 5ccff553..e9de5122 100644 --- a/docs/hosting/configure/https/pro/rpm-manual.mdx +++ b/docs/hosting/configure/https/pro/rpm-manual.mdx @@ -1,9 +1,9 @@ --- title: RPM based manual HTTPS configuration -description: How to manually configure HTTPS on your RPM based passbolt instance +description: How to manually configure HTTPS on your RPM based Passbolt instance sidebar_label: RPM Manual hide_table_of_contents: true --- import RpmManual from '/docs/hosting/_includes/https/rpm-manual.mdx' - \ No newline at end of file + diff --git a/docs/hosting/faq/do-you-provide-hosting.mdx b/docs/hosting/faq/do-you-provide-hosting.mdx index 8f082ded..14877900 100644 --- a/docs/hosting/faq/do-you-provide-hosting.mdx +++ b/docs/hosting/faq/do-you-provide-hosting.mdx @@ -1,8 +1,8 @@ --- -title: Does passbolt provide hosting? -sidebar_label: Does passbolt provide hosting? +title: Does Passbolt provide hosting? +sidebar_label: Does Passbolt provide hosting? -description: Does passbolt provide hosting? +description: Does Passbolt provide hosting? hide_table_of_contents: true --- diff --git a/docs/hosting/faq/generate-openpgp-key.mdx b/docs/hosting/faq/generate-openpgp-key.mdx index 4be79eba..d2949db8 100644 --- a/docs/hosting/faq/generate-openpgp-key.mdx +++ b/docs/hosting/faq/generate-openpgp-key.mdx @@ -41,7 +41,7 @@ This command will run an interactive wizard that will help you define the key se 1. Select the key type, by instance: RSA. 2. If RSA was chosen, select the keysize, by instance for a strong key: 3072. -3. Select the expiration time, by instance for “no expiry”: 0. Note that key expiration is not well handled by passbolt, set an expiration date only if you know what you are doing. +3. Select the expiration time, by instance for “no expiry”: 0. Note that key expiration is not well handled by Passbolt, set an expiration date only if you know what you are doing. 4. Confirm the key type information. 5. Enter a name, by instance: Ada Lovelace. 6. Enter an email, by instance: ada.lovelace@mydomain.tld. diff --git a/docs/hosting/faq/how-can-I-update-my-passbolt-server.mdx b/docs/hosting/faq/how-can-I-update-my-passbolt-server.mdx index 0a54d0dc..b868b1d1 100644 --- a/docs/hosting/faq/how-can-I-update-my-passbolt-server.mdx +++ b/docs/hosting/faq/how-can-I-update-my-passbolt-server.mdx @@ -1,7 +1,7 @@ --- -title: How can I update my passbolt server? -description: How to update your passbolt server -sidebar_label: How can I update my passbolt server? +title: How can I update my Passbolt server? +description: How to update your Passbolt server +sidebar_label: How can I update my Passbolt server? hide_table_of_contents: true --- diff --git a/docs/hosting/faq/how-to-generate-jwt-key-pair-manually.mdx b/docs/hosting/faq/how-to-generate-jwt-key-pair-manually.mdx index b30680da..2e0ded3c 100644 --- a/docs/hosting/faq/how-to-generate-jwt-key-pair-manually.mdx +++ b/docs/hosting/faq/how-to-generate-jwt-key-pair-manually.mdx @@ -13,7 +13,7 @@ import Chips from "/src/components/Chips/Chips";
    :::warning -Replace `/usr/share/php` by `/var/www` and `/etc/passbolt` by `/var/www/passbolt/config` if you have installed passbolt from source. +Replace `/usr/share/php` by `/var/www` and `/etc/passbolt` by `/var/www/passbolt/config` if you have installed Passbolt from source. ::: Ensure `/etc/passbolt/jwt` folder exists and is owned by `root` user and `www-data` group. diff --git a/docs/hosting/faq/how-to-import-ssl-certificate-on-mobile-application.mdx b/docs/hosting/faq/how-to-import-ssl-certificate-on-mobile-application.mdx index c69445fb..2b886292 100644 --- a/docs/hosting/faq/how-to-import-ssl-certificate-on-mobile-application.mdx +++ b/docs/hosting/faq/how-to-import-ssl-certificate-on-mobile-application.mdx @@ -13,7 +13,7 @@ import Chips from "/src/components/Chips/Chips"; Pro -Your passbolt server must have HTTPS enabled to be able to use passbolt mobile app. +Your Passbolt server must have HTTPS enabled to be able to use Passbolt mobile app. If you are using self-signed certificates, you must import your server certificate to your mobile device. diff --git a/docs/hosting/faq/how-to-increase-auto-logout-time.mdx b/docs/hosting/faq/how-to-increase-auto-logout-time.mdx index 8d11e704..3ce969da 100644 --- a/docs/hosting/faq/how-to-increase-auto-logout-time.mdx +++ b/docs/hosting/faq/how-to-increase-auto-logout-time.mdx @@ -12,7 +12,7 @@ import Chips from "/src/components/Chips/Chips"; Pro -By default passbolt uses the PHP session duration setting to define when the auto logout should kick in. If the default session timeout is too short for you and your user you can extend it in the PHP configuration. +By default Passbolt uses the PHP session duration setting to define when the auto logout should kick in. If the default session timeout is too short for you and your user you can extend it in the PHP configuration. Currently, the code checks every 15 minutes if the browser is idle, using this browser functionality reserved for extensions, which returns “locked” if the system is locked, “idle” if the user has not generated any input for a specified number of seconds, or “active” otherwise. diff --git a/docs/hosting/faq/how-to-install-passbolt-in-non-interactive-mode.mdx b/docs/hosting/faq/how-to-install-passbolt-in-non-interactive-mode.mdx index 4a020bcb..5eed7419 100644 --- a/docs/hosting/faq/how-to-install-passbolt-in-non-interactive-mode.mdx +++ b/docs/hosting/faq/how-to-install-passbolt-in-non-interactive-mode.mdx @@ -1,7 +1,7 @@ --- -title: How can I install passbolt in non-interactive mode? -description: How to install passbolt in non-interactive mode -sidebar_label: How can I install passbolt in non-interactive mode? +title: How can I install Passbolt in non-interactive mode? +description: How to install Passbolt in non-interactive mode +sidebar_label: How can I install Passbolt in non-interactive mode? hide_table_of_contents: true --- @@ -12,9 +12,9 @@ import Chips from "/src/components/Chips/Chips"; Pro -The non-interactive mode is useful for automating passbolt installation and for users with specific needs. It is available only on Debian and Ubuntu operating systems. +The non-interactive mode is useful for automating Passbolt installation and for users with specific needs. It is available only on Debian and Ubuntu operating systems. -The commands of this page assume you want to install passbolt CE. Replace ce with pro if you plan to install the PRO version. +The commands of this page assume you want to install Passbolt CE. Replace ce with pro if you plan to install the PRO version. ## Package repository setup For easier installation and update tasks Passbolt provides a package repository that you need to setup before you download Passbolt and install it. diff --git a/docs/hosting/faq/how-to-install-passbolt-server.mdx b/docs/hosting/faq/how-to-install-passbolt-server.mdx index 9d5025b5..3abfe983 100644 --- a/docs/hosting/faq/how-to-install-passbolt-server.mdx +++ b/docs/hosting/faq/how-to-install-passbolt-server.mdx @@ -1,7 +1,7 @@ --- -title: How can I install a passbolt server? -description: How to install a passbolt server -sidebar_label: How can I install a passbolt server? +title: How can I install a Passbolt server? +description: How to install a Passbolt server +sidebar_label: How can I install a Passbolt server? hide_table_of_contents: true --- @@ -12,4 +12,4 @@ import Chips from "/src/components/Chips/Chips"; Pro -There are multiple way to install passbolt. You can install it using Docker or on your favorite distribution. Check out the dedicated [documentation page](/hosting/install/) for that topic. +There are multiple way to install Passbolt. You can install it using Docker or on your favorite distribution. Check out the dedicated [documentation page](/hosting/install/) for that topic. diff --git a/docs/hosting/faq/how-to-make-passbolt-backups.mdx b/docs/hosting/faq/how-to-make-passbolt-backups.mdx index 50cb7de9..7563b4fc 100644 --- a/docs/hosting/faq/how-to-make-passbolt-backups.mdx +++ b/docs/hosting/faq/how-to-make-passbolt-backups.mdx @@ -1,7 +1,7 @@ --- -title: How can I make backups of passbolt? -description: How to make backups of passbolt -sidebar_label: How can I make backups of passbolt? +title: How can I make backups of Passbolt? +description: How to make backups of Passbolt +sidebar_label: How can I make backups of Passbolt? hide_table_of_contents: true --- diff --git a/docs/hosting/faq/how-to-rotate-server-gpg-keys.mdx b/docs/hosting/faq/how-to-rotate-server-gpg-keys.mdx index 873ea17e..c228ab5c 100644 --- a/docs/hosting/faq/how-to-rotate-server-gpg-keys.mdx +++ b/docs/hosting/faq/how-to-rotate-server-gpg-keys.mdx @@ -14,12 +14,12 @@ import Chips from "/src/components/Chips/Chips"; ## Docker installation -It is quite simple with docker to rotate your passbolt server GPG keys. Connect yourself inside the passbolt container and delete the keys: +It is quite simple with docker to rotate your Passbolt server GPG keys. Connect yourself inside the Passbolt container and delete the keys: ```bash rm /etc/passbolt/gpg/serverkey.asc rm /etc/passbolt/gpg/serverkey_private.asc ``` -Destroy then recreate passbolt container and new GPG server keys will be generated. +Destroy then recreate Passbolt container and new GPG server keys will be generated. `docker compose up -d --force-recreate` @@ -72,7 +72,7 @@ sudo cat /etc/passbolt/gpg/serverkey.asc | gpg --with-fingerprint - | grep -Ev " # private key fingerprint sudo cat /etc/passbolt/gpg/serverkey_private.asc | gpg --with-fingerprint - | grep -Ev "^(pub|sub|uid|$|sec|ssb)" | tr -d ' ' | sed 's/Keyfingerprint=//' ``` -Open `/etc/passbolt/passbolt.php` configuration file and replace old fingerprint with the new one in the passbolt section: +Open `/etc/passbolt/passbolt.php` configuration file and replace old fingerprint with the new one in the Passbolt section: ```bash 'passbolt' => [ // GPG Configuration. @@ -88,7 +88,7 @@ Open `/etc/passbolt/passbolt.php` configuration file and replace old fingerprint ], ], ``` -Launch a healthcheck command to get passbolt GNUPGHOME folder (usually `/var/lib/passbolt/.gnupg` but can be different if you installed passbolt from source): +Launch a healthcheck command to get Passbolt GNUPGHOME folder (usually `/var/lib/passbolt/.gnupg` but can be different if you installed Passbolt from source): ```bash sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt healthcheck --gpg" | grep GNUPGHOME diff --git a/docs/hosting/faq/how-to-update-my-subscription-key.mdx b/docs/hosting/faq/how-to-update-my-subscription-key.mdx index 71c87546..e3c03968 100644 --- a/docs/hosting/faq/how-to-update-my-subscription-key.mdx +++ b/docs/hosting/faq/how-to-update-my-subscription-key.mdx @@ -45,15 +45,15 @@ You are now able to see your subscription details: ## From command line ### Get ready -All the commands provided below should be done from inside your passbolt directory located in */etc/passbolt/* +All the commands provided below should be done from inside your Passbolt directory located in */etc/passbolt/* :::important[Notice] -If you installed passbolt using the Debian package, or are using the passbolt VM (OVA) run the commands from `/etc/passbolt`. +If you installed Passbolt using the Debian package, or are using the Passbolt VM (OVA) run the commands from `/etc/passbolt`. ::: ### Steps -To update your subscription key, you need to replace your previous subscription key with the new one. In passbolt, the subscription key is stored in `/etc/passbolt/subscription_key.txt` +To update your subscription key, you need to replace your previous subscription key with the new one. In Passbolt, the subscription key is stored in `/etc/passbolt/subscription_key.txt` To replace the existing subscription key with the new one: @@ -71,7 +71,7 @@ To check if the operation was successful and if the new subscription key is vali If you are on a RPM distribution, replace www-data with nginx ::: -If your key is valid, this command will display the passbolt logo and the subscription key details, as in the example below: +If your key is valid, this command will display the Passbolt logo and the subscription key details, as in the example below: ```bash /usr/share/php/passbolt/bin/cake passbolt license_check diff --git a/docs/hosting/faq/how-to-use-docker-rootless-images.mdx b/docs/hosting/faq/how-to-use-docker-rootless-images.mdx index fdd672ad..7bad2a0f 100644 --- a/docs/hosting/faq/how-to-use-docker-rootless-images.mdx +++ b/docs/hosting/faq/how-to-use-docker-rootless-images.mdx @@ -58,7 +58,7 @@ You can know more about how to setup https on docker on the [https configuration ## LDAP To use the LDAP cronjob on the non-root docker the following steps are needed: -- Create a new passbolt-pro-server file that points to an additional cron job +- Create a new `passbolt-pro-server` file that points to an additional cron job - The file by default has the email cronjob so had to preserve that - Create a file for this ldap cronjob - Make the file for the ldap cronjob executable diff --git a/docs/hosting/faq/what-are-minimum-server-requirements.mdx b/docs/hosting/faq/what-are-minimum-server-requirements.mdx index 486a1155..65808eb5 100644 --- a/docs/hosting/faq/what-are-minimum-server-requirements.mdx +++ b/docs/hosting/faq/what-are-minimum-server-requirements.mdx @@ -13,7 +13,7 @@ import Chips from "/src/components/Chips/Chips"; Passbolt has been reported to work on a large variety of servers. -However we recommend you run passbolt using the stable version of a major linux distribution such as Debian, +However we recommend you run Passbolt using the stable version of a major linux distribution such as Debian, Ubuntu, Centos, etc. The minimum virtual machine specs we recommend: diff --git a/docs/hosting/faq/where-to-get-help-for-install-issues.mdx b/docs/hosting/faq/where-to-get-help-for-install-issues.mdx index 3a97910d..f95fed23 100644 --- a/docs/hosting/faq/where-to-get-help-for-install-issues.mdx +++ b/docs/hosting/faq/where-to-get-help-for-install-issues.mdx @@ -27,5 +27,5 @@ Before posting make sure to: ## Professional support If you need a more rapid response time and more in depth help you can also contact -Passbolt SARL, the company behind passbolt, to get professional support services at +Passbolt SARL, the company behind Passbolt, to get professional support services at [contact@passbolt.com](mailto:contact@passbolt.com). diff --git a/docs/hosting/faq/why-I-see-unsafe-mode-banner.mdx b/docs/hosting/faq/why-I-see-unsafe-mode-banner.mdx index 8cbe5add..3ca0a226 100644 --- a/docs/hosting/faq/why-I-see-unsafe-mode-banner.mdx +++ b/docs/hosting/faq/why-I-see-unsafe-mode-banner.mdx @@ -12,9 +12,9 @@ import Chips from "/src/components/Chips/Chips"; Pro -When running the site with debug mode on, or without enforcing https, your passbolt instance can +When running the site with debug mode on, or without enforcing https, your Passbolt instance can not be considered secure. These settings can be useful for example when doing some local testing or development, but should not be used for production. -To disable the warning a passbolt administrator can edit your configuration to set `debug` to false and +To disable the warning a Passbolt administrator can edit your configuration to set `debug` to false and `passbolt.ssl.force` to true. diff --git a/docs/hosting/index.mdx b/docs/hosting/index.mdx index 9516e748..99debee3 100644 --- a/docs/hosting/index.mdx +++ b/docs/hosting/index.mdx @@ -1,6 +1,6 @@ --- title: Welcome to the Hosting Guide! -description: The hosting guide contains all the technical information related to the setup and update of your passbolt self-hosted server. +description: The hosting guide contains all the technical information related to the setup and update of your Passbolt self-hosted server. sidebar_position: 1 sidebar_label: Introduction hide_table_of_contents: true @@ -16,11 +16,11 @@ import Figure from '@site/src/components/Figure/Figure'; ## What is the Hosting Guide? The documentation for Passbolt contains several main sections, all accessible from the top navigation bar: -- The [Hosting Guide](/docs/hosting/) that you're currently reading contains all the technical information related to the setup and update of your passbolt self-hosted server. +- The [Hosting Guide](/docs/hosting/) that you're currently reading contains all the technical information related to the setup and update of your Passbolt self-hosted server. - The [Admin Guide](/docs/admin/) contains all the information for users with the administrator role, e.g. all about the user and admin workspaces. - The [User Guide](/docs/user/) contains all about the functionalities available to every users. - The [API Guide](/docs/api/) contains low-level and detailed information related to the different endpoints of the backend API. - The [Contribute Guide](/docs/contribute/) contains information about how you can contribute to Passbolt in different ways. -If you are new to passbolt you can get some introduction in the next section, otherwise feel free to peruse and find +If you are new to Passbolt you can get some introduction in the next section, otherwise feel free to peruse and find what you are looking for using the navigation on the left. diff --git a/docs/hosting/troubleshooting/docker.mdx b/docs/hosting/troubleshooting/docker.mdx index 0a4b4a42..57d0a56b 100644 --- a/docs/hosting/troubleshooting/docker.mdx +++ b/docs/hosting/troubleshooting/docker.mdx @@ -9,7 +9,7 @@ import CodeBlock from '@theme/CodeBlock'; ## Prerequisite Steps -Connect yourself inside passbolt docker container (replace passbolt-container-name with your own): +Connect yourself inside Passbolt docker container (replace passbolt-container-name with your own): {`docker exec -ti passbolt-container-name bash`} @@ -58,7 +58,7 @@ Alternatively if you are using Docker Secrets you’ll need to run the following ### Server logs -To retrieve the server logs, run this command outside of the container (replace passbolt-container-name with your own): +To retrieve the server logs, run this command outside of the container (replace `passbolt-container-name` with your own): {`docker logs passbolt-container-name`} diff --git a/docs/hosting/troubleshooting/email.mdx b/docs/hosting/troubleshooting/email.mdx index 6a7beb3c..47c033ec 100644 --- a/docs/hosting/troubleshooting/email.mdx +++ b/docs/hosting/troubleshooting/email.mdx @@ -15,7 +15,7 @@ This can come from a variety of reasons, here are the most common ones. There may be an issue with some of the SMTP configuration items, such as credentials, or the hostname, or the port for the selected protocol. -By default passbolt is quite discrete on why a given configuration is not working. You can use the following command to send a test email and get more debug information (replace www-data with nginx if you are running a RHEL-like server, or wwwrun in case you are using OpenSUSE): +By default Passbolt is quite discrete on why a given configuration is not working. You can use the following command to send a test email and get more debug information (replace www-data with nginx if you are running a RHEL-like server, or wwwrun in case you are using OpenSUSE): ```bash sudo -H -u www-data bash -c "/usr/share/php/passbolt/bin/cake passbolt send_test_email --recipient=youremail@domain.com" ``` @@ -25,7 +25,7 @@ If this fails you should double check what is the recommended configuration in y ## Reason 2: Email notifications are disabled in the config -Another reason could be because email notifications are disabled in your configuration. You can review such settings in the administration panel, when you are logged in as an administrator in passbolt. +Another reason could be because email notifications are disabled in your configuration. You can review such settings in the administration panel, when you are logged in as an administrator in Passbolt.
    The user user@domain.com could not be added to group MyGroup because it is not active yet -

    This error happens when passbolt is trying to add a user to a group, but the user has not yet activated their account. Passbolt cannot add such users to groups automatically since their account is not operational yet. When this situation happens, no intervention is required. The user will be added to the group automatically once they activate their account (when they click on the link provided in the email invitation and complete the initial setup)

    +

    This error happens when Passbolt is trying to add a user to a group, but the user has not yet activated their account. Passbolt cannot add such users to groups automatically since their account is not operational yet. When this situation happens, no intervention is required. The user will be added to the group automatically once they activate their account (when they click on the link provided in the email invitation and complete the initial setup)

    - The user user@domain.com could not be mapped with an existing user in passbolt because it was created after. -

    This error happens when a user was created first in Passbolt and later in the directory. Passbolt then considers that the passbolt user has the priority and should not be synced, since it would also mean that the same user would get deleted whenever it is deleted from the directory. When this situation happens, if you absolutely want to sync these 2 users, the solution is to delete the user in passbolt and to run the synchronization again. The user will then be created again and synced.

    + The user user@domain.com could not be mapped with an existing user in Passbolt because it was created after. +

    This error happens when a user was created first in Passbolt and later in the directory. Passbolt then considers that the Passbolt user has the priority and should not be synced, since it would also mean that the same user would get deleted whenever it is deleted from the directory. When this situation happens, if you absolutely want to sync these 2 users, the solution is to delete the user in Passbolt and to run the synchronization again. The user will then be created again and synced.

    - The group MyGroup could not be mapped with an existing group in passbolt because it was created after. -

    This error happens when a group was created first in Passbolt and later in the directory. Passbolt then considers that the passbolt group has the priority and should not be synced, since it would also mean that the same group would get deleted whenever it is deleted from the directory. When this situation happens, if you absolutely want to sync these 2 groups, the solution is to delete the group in passbolt and to run the synchronization again. The group will then be created again and synced.

    + The group MyGroup could not be mapped with an existing group in Passbolt because it was created after. +

    This error happens when a group was created first in Passbolt and later in the directory. Passbolt then considers that the Passbolt group has the priority and should not be synced, since it would also mean that the same group would get deleted whenever it is deleted from the directory. When this situation happens, if you absolutely want to sync these 2 groups, the solution is to delete the group in Passbolt and to run the synchronization again. The group will then be created again and synced.

    - The previously deleted user user@domain.com was not re-added to passbolt. -

    This error happens when a passbolt user was deleted manually in passbolt but not in the directory. Passbolt then considers that the actions performed in passbolt have a higher priority and that the user was deleted for a good reason. When this situation happens, if you absolutely want to sync back this user, the solution is to re-create the user in passbolt and run the synchronization again.

    + The previously deleted user user@domain.com was not re-added to Passbolt. +

    This error happens when a Passbolt user was deleted manually in Passbolt but not in the directory. Passbolt then considers that the actions performed in Passbolt have a higher priority and that the user was deleted for a good reason. When this situation happens, if you absolutely want to sync back this user, the solution is to re-create the user in Passbolt and run the synchronization again.

    @@ -36,7 +36,7 @@ Depending on the structure of your directory or the state of the synchronization
    A request to add user user@domain.com in group MyGroup was sent to the group manager. -

    This scenario happens when passbolt attempts to add a user to a group that has passwords directly shared with it. In this case, adding our user to the group would mean having to encrypt all the passwords shared with the group for this new group member. Due to the end-to-end nature of the solution, the system cannot do it without a human intervention. This is why passbolt sends a request to the group manager so that he can add the user to the group manually, and encrypt the shared secrets at the same time.

    +

    This scenario happens when Passbolt attempts to add a user to a group that has passwords directly shared with it. In this case, adding our user to the group would mean having to encrypt all the passwords shared with the group for this new group member. Due to the end-to-end nature of the solution, the system cannot do it without a human intervention. This is why Passbolt sends a request to the group manager so that he can add the user to the group manually, and encrypt the shared secrets at the same time.

    **Note**: this scenario will not happen in the case of groups without direct access to shared passwords. In this case, the user will be added automatically to the group during the sync.

    @@ -51,7 +51,7 @@ Depending on the structure of your directory or the state of the synchronization
    - The user user@domain.com could not be added to the group MyGroup because membership was removed in passbolt + The user user@domain.com could not be added to the group MyGroup because membership was removed in Passbolt

    This error occurs when a user has been manually removed from a group. Passbolt prioritizes manual actions, assuming the removal was intentional and for a valid reason.

    To resolve this issue, manually re-add the user to the group in Passbolt, and then run the LDAP synchronization afterward.

    diff --git a/docs/hosting/troubleshooting/logs.mdx b/docs/hosting/troubleshooting/logs.mdx index 995fec9b..5ff6425f 100644 --- a/docs/hosting/troubleshooting/logs.mdx +++ b/docs/hosting/troubleshooting/logs.mdx @@ -66,7 +66,7 @@ The datacheck is a great tool as it aims to have a look at the data integrity fo The status report is in most case the best alternative if you need to gather information from the healthcheck, datacheck, do a cleanup dry-run and retrieve the server logs. -On top of executing the healthcheck, datacheck and retrieving the server logs one after the other, it also gives important information about the system itself such as the passbolt edition and version, the version of CakePHP and PHP, composer version etc. +On top of executing the healthcheck, datacheck and retrieving the server logs one after the other, it also gives important information about the system itself such as the Passbolt edition and version, the version of CakePHP and PHP, composer version etc. **Package Installation** ```bash diff --git a/docs/hosting/troubleshooting/performance-tweaks.mdx b/docs/hosting/troubleshooting/performance-tweaks.mdx index c02bf441..d95090b3 100644 --- a/docs/hosting/troubleshooting/performance-tweaks.mdx +++ b/docs/hosting/troubleshooting/performance-tweaks.mdx @@ -29,7 +29,7 @@ This assumes you are running your database on the same host as your Passbolt ins One database improvement that can be made is to skip the reverse DNS lookup in MySQL/MariaDB. To do this you will need to: -Ensure the passbolt user in the database is allowed to connect via `127.0.0.1` and not just `localhost`: +Ensure the Passbolt user in the database is allowed to connect via `127.0.0.1` and not just `localhost`: ```bash [mysql]> GRANT USAGE ON *.* TO `passboltadmin`@`127.0.0.1` IDENTIFIED BY PASSWORD ``; [mysql]> GRANT ALL PRIVILEGES ON `passboltdb`.* TO `passboltadmin`@`127.0.0.1`; diff --git a/docs/hosting/troubleshooting/ssl-tls.mdx b/docs/hosting/troubleshooting/ssl-tls.mdx index 4ad44a21..857c9a7e 100644 --- a/docs/hosting/troubleshooting/ssl-tls.mdx +++ b/docs/hosting/troubleshooting/ssl-tls.mdx @@ -11,7 +11,7 @@ import Figure from '/src/components/Figure/Figure'; ## HTTPS configuration documentation -You will find infos about how to set up [HTTPS on passbolt here](/hosting/configure/https/) +You will find infos about how to set up [HTTPS on Passbolt here](/hosting/configure/https/) ## Check certificates content @@ -48,15 +48,15 @@ The output of the two below commands must be **absolutely the same**. `openssl rsa -noout -modulus -in key.pem | openssl md5` -## Check if certificate matches your passbolt domain name +## Check if certificate matches your Passbolt domain name -Another common error is to define a domain name to passbolt and set a certificate valid for another domain. +Another common error is to define a domain name to Passbolt and set a certificate valid for another domain. Check the domain name of your local certificate: `openssl x509 -text -noout -in cert.pem | grep DNS` -You can also check your instance like this (replace passbolt.domain.tld with your passbolt domain name): +You can also check your instance like this (replace `passbolt.domain.tld` with your passbolt domain name): ``` openssl s_client -connect passbolt.domain.tld:443 /dev/null | openssl x509 -noout -ext subjectAltName @@ -86,15 +86,15 @@ Let’s assume the following chain of trust: - - Your passbolt server certificate has been issued by “My Intermediate CA”. + - Your Passbolt server certificate has been issued by “My Intermediate CA”. - “My Intermediate CA” has been issued by “My Root CA” -To make your passbolt certificate trusted on your system, you have to add the root CA to your operating system keychain. +To make your Passbolt certificate trusted on your system, you have to add the root CA to your operating system keychain. -To manually check if your passbolt SSL certificate has been issued by the correct certificate authority, follow the procedure below. +To manually check if your Passbolt SSL certificate has been issued by the correct certificate authority, follow the procedure below. #### Display the chain of trust -This command will display the chain of trust for passbolt.domain.tld: +This command will display the chain of trust for `passbolt.domain.tld`: `openssl s_client -quiet -connect passbolt.domain.tld:443` @@ -155,7 +155,7 @@ It will return: `intermediate.pem: OK` -But if we try to check if passbolt.pem has been issued by intermediate.pem, it fails: +But if we try to check if `passbolt.pem` has been issued by intermediate.pem, it fails: ``` $ openssl verify -CAfile intermediate.pem passbolt.pem C = LU, ST = Luxembourg, O = Your Company, OU = Your Company IT Team, CN = My Intermediate CA, emailAddress = it@domain.tld diff --git a/docs/hosting/update/docker.mdx b/docs/hosting/update/docker.mdx index 64c7fb01..1378bdae 100644 --- a/docs/hosting/update/docker.mdx +++ b/docs/hosting/update/docker.mdx @@ -21,9 +21,9 @@ import Chips from "/src/components/Chips/Chips"; If you are trying to update the mariadb version in the docker compose file, you might face some errors. To complete the mariadb upgrade, you need to run **mariadb-upgrade -u root -p** in the database container. ::: -It is recommended that users pull the tags pointing to specific passbolt versions when running in environments other than testing. +It is recommended that users pull the tags pointing to specific Passbolt versions when running in environments other than testing. -To update passbolt, you would just need to change the image tag in your docker-compose.yml file: +To update Passbolt, you would just need to change the image tag in your docker-compose.yml file: ```yaml image: passbolt/passbolt: @@ -35,5 +35,5 @@ docker compose up -d ``` By doing this: -a new passbolt docker image will be pulled and a new container created -your passbolt database schema will be updated +a new Passbolt docker image will be pulled and a new container created +your Passbolt database schema will be updated diff --git a/docs/hosting/update/from-source.mdx b/docs/hosting/update/from-source.mdx index fe1b6802..6d459a46 100644 --- a/docs/hosting/update/from-source.mdx +++ b/docs/hosting/update/from-source.mdx @@ -23,13 +23,13 @@ import CodeBlock from '@theme/CodeBlock'; -## Find out where is your passbolt directory -All the commands hereafter should be done from inside your passbolt directory: +## Find out where is your Passbolt directory +All the commands hereafter should be done from inside your Passbolt directory: ```bash cd /var/www/passbolt ``` -By default passbolt should be installed under ```/var/www/passbolt``` but it could be different if you installed from source manually. We will assume for the rest of this tutorial that it is located in ```/var/www/passbolt```. +By default Passbolt should be installed under ```/var/www/passbolt``` but it could be different if you installed from source manually. We will assume for the rest of this tutorial that it is located in ```/var/www/passbolt```. ## Find out the name of your webserver user Some commands need to be run as the same user running the web server. Generally on Debian systems it will be ```www-data``` but on other distributions like Centos it could be for example ```nginx``` or ```httpd```. For the rest of this tutorial we will assume that the user named ```www-data```. @@ -43,15 +43,15 @@ This command for example, will run the healthcheck command as ```www-data``` use ## Make sure the permissions are right for your current user :::caution -Do not run the commands as ```root``` when updating passbolt. It can render your installation unusable. +Do not run the commands as ```root``` when updating Passbolt. It can render your installation unusable. ::: -Running commands as ```root``` can make your installation unusable until the permissions are repaired. We recommend you use another user for this purpose. The whoami command will let you know which user you are logged in as. In our case below, it is the user passbolt. +Running commands as ```root``` can make your installation unusable until the permissions are repaired. We recommend you use another user for this purpose. The whoami command will let you know which user you are logged in as. In our case below, it is the user Passbolt. ```bash $ whoami passbolt ``` -You need to make sure that this user have access to the passbolt directory. The easiest way to do this would be to add such user to the ```www-data``` and sudo groups, so for example for a passbolt user, you could execute as ```root```: +You need to make sure that this user have access to the `passbolt` directory. The easiest way to do this would be to add such user to the ```www-data``` and sudo groups, so for example for a `passbolt` user, you could execute as ```root```: ```bash sudo usermod -a -G www-data passbolt sudo usermod -a -G sudo passbolt @@ -62,7 +62,7 @@ You can check if the user is included in the group (you may need to logout / log $ groups passbolt passbolt : passbolt www-data sudo ``` -Make sure the passbolt directory is owned by the passbolt user and accessible to the ```www-data``` group. You can set the permissions as follow: +Make sure the `passbolt` directory is owned by the `passbolt` user and accessible to the ```www-data``` group. You can set the permissions as follow: ```bash sudo chown -R passbolt:www-data . @@ -85,7 +85,7 @@ drwxr-x--- 2 passbolt www-data . drwx------ 6 root root .. drwxr-x--- 6 passbolt www-data config ``` -Make sure the passbolt directory doesn't contain any changes. If you have altered the passbolt code, stash your changes before executing the following command. +Make sure the `passbolt` directory doesn't contain any changes. If you have altered the Passbolt code, stash your changes before executing the following command. ```bash git checkout HEAD . @@ -119,7 +119,7 @@ composer.phar --version ``` To get the latest version of composer, you can check the composer installation instructions. -## Updating passbolt +## Updating Passbolt ### 1. Take down your site It is generally a good idea to stop running the site prior to the upgrade. This is to avoid having side effects such as active users corrupting the data in the middle of an upgrade. For example if you are using nginx as a webserver: @@ -149,7 +149,7 @@ git checkout tags/v2.13.0 ``` ### 3. Update the dependencies -Some libraries are not packaged with the software but need to be updated using composer, based on what is recommended in the composer.lock. This file is provided by passbolt. +Some libraries are not packaged with the software but need to be updated using composer, based on what is recommended in the composer.lock. This file is provided by Passbolt. ```bash php -d allow_url_fopen=on /usr/bin/composer.phar install --no-dev -n -o diff --git a/docs/hosting/upgrade/docker.mdx b/docs/hosting/upgrade/docker.mdx index 246b81fa..4ade440b 100644 --- a/docs/hosting/upgrade/docker.mdx +++ b/docs/hosting/upgrade/docker.mdx @@ -14,18 +14,18 @@ import Chips from "/src/components/Chips/Chips"; :::caution[Important] -Please take a [full backup](/hosting/backup/from-docker/) of your passbolt before proceeding with the upgrade. +Please take a [full backup](/hosting/backup/from-docker/) of your Passbolt before proceeding with the upgrade. ::: -In order to upgrade from CE to PRO, open your docker-compose.yaml file and search for the passbolt CE image definition: +In order to upgrade from CE to PRO, open your docker-compose.yaml file and search for the Passbolt CE image definition: ```bash image: passbolt/passbolt:IMAGE_TAG ``` -And replace the CE `IMAGE_TAG` with a PRO that can be found on the [docker hub passbolt page](https://hub.docker.com/r/passbolt/passbolt/tags). +And replace the CE `IMAGE_TAG` with a PRO that can be found on the [docker hub Passbolt page](https://hub.docker.com/r/passbolt/passbolt/tags). -In the same location of your `docker-compose.yaml` file, create a `subscription_key.txt` file containing your passbolt subscription key, and add a new volume definition in your docker-compose.yaml file: +In the same location of your `docker-compose.yaml` file, create a `subscription_key.txt` file containing your Passbolt subscription key, and add a new volume definition in your docker-compose.yaml file: ```yaml version: '3.7' @@ -45,8 +45,8 @@ $ docker compose up -d ``` By doing this: -* A new passbolt docker image will be pulled and a new container created -* Your passbolt database schema will be updated +* A new Passbolt docker image will be pulled and a new container created +* Your Passbolt database schema will be updated diff --git a/docs/user/advanced-features/tags/index.mdx b/docs/user/advanced-features/tags/index.mdx index 52d09c5f..0453f7a1 100644 --- a/docs/user/advanced-features/tags/index.mdx +++ b/docs/user/advanced-features/tags/index.mdx @@ -12,7 +12,7 @@ import Figure from "/src/components/Figure/Figure"; Cloud -Sharing passwords using groups is already possible in passbolt and can help organise the passwords. It is often not enough for small teams or users with a lot of passwords, who often need another way to organise their data. +Sharing passwords using groups is already possible in Passbolt and can help organise the passwords. It is often not enough for small teams or users with a lot of passwords, who often need another way to organise their data. ## How are tags different than categories? The major difference between categories and tags is that, in most systems using folders, a given item only belongs to one folder. Inversely, when tagging, one item can be linked to many tags. Also while it is possible to have a hierarchical tag structure it is also less common. diff --git a/docs/user/basic-features/browser/copy-to-clipboard.mdx b/docs/user/basic-features/browser/copy-to-clipboard.mdx index 386c73d9..852774e7 100644 --- a/docs/user/basic-features/browser/copy-to-clipboard.mdx +++ b/docs/user/basic-features/browser/copy-to-clipboard.mdx @@ -19,7 +19,7 @@ A clipboard, in computer terms, is a buffer that some operating systems provide within and between application programs. ::: -1. Log in to your passbolt account +1. Log in to your Passbolt account 2. Select a password you wish to copy to clipboard 3. Click the “more” button” on top of your password list 4. Select option “copy password to clipboard” diff --git a/docs/user/basic-features/browser/export.mdx b/docs/user/basic-features/browser/export.mdx index 93f023af..3e3a76bb 100644 --- a/docs/user/basic-features/browser/export.mdx +++ b/docs/user/basic-features/browser/export.mdx @@ -14,7 +14,7 @@ import Chips from "/src/components/Chips/Chips"; Cloud -## How to export passwords in passbolt +## How to export passwords in Passbolt