Passbolt - password manager hosted on AWS? (video, 19 minutes)
In John Hammond's latest video, he demonstrates how to install and set up the Passbolt password manager on his own AWS environment. The video opens with a note that it is sponsored content by Passbolt, but the author enthusiastically highlights the tool's advantages. Passbolt is described as an open-source password manager designed for collaboration, flexibility, and automation, making it ideal for IT teams and individual users alike. John walks through configuring the on-premise installation, emphasizing the control users have over their own data.
The video proceeds with John detailing the subscription process on the AWS Marketplace and the steps to deploy Passbolt on an EC2 server. He emphasizes the importance of SSL security and using Let's Encrypt certificates, highlighting the professionalism and safety of the software. Throughout the installation process, viewers are reminded to consult the Passbolt documentation for successful configuration.
As he progresses, John explains how to configure the database and generate GPG keys necessary for the Passbolt functionality. He notes the ease of setting up an SMTP server for sending email notifications, which adds to the collaborative features of Passbolt that make it attractive for teams and startups.
In the final part of the video, the author demonstrates using the Passbolt browser extension and how to import passwords from other password managers. John concludes the video by showcasing his success in importing the majority of passwords into Passbolt, which is now running effectively on his configured environment. The video ends with a strong call to action for viewers to try Passbolt themselves. At the time of writing, the video statistics show it has garnered 53,889 views and 1,323 likes, indicating a strong interest and positive reception from the audience.
Timeline summary
- Introduction to Passbolt password manager running on AWS.
- Demonstration of setting up Passbolt in a controlled environment.
- Expressing enthusiasm for Passbolt as a password manager.
- Accessing Passbolt's website to explore its offerings.
- Explaining self-hosting Passbolt on personal server.
- Details on community edition being open source.
- Deploying Passbolt to AWS using a straightforward process.
- Subscribing to Passbolt community edition in AWS.
- Proceeding with configuration options after deployment.
- Setting up HTTPS for improved security.
- Acquiring a domain name for SSL setup.
- Performing setup for SSL with Let's Encrypt.
- Confident transition to HTTPS with certificate confirmation.
- Final setup steps and expressing excitement about Passbolt.
- Demonstrating password login to Twitter using Passbolt integration.
- Importing passwords from previous password manager into Passbolt.
- Closing remarks on the benefits of using Passbolt.
- Encouraging viewers to try Passbolt for enhanced security.
- Thanks to Passbolt and invitation to see future videos.
Transcription
This is the Passbolt password manager running in my own custom AWS or Amazon web services cloud instance. And in this video, I want to show you just how easy it is to set up and get up and running with the Passbolt manager in your own controlled environment. Hey, before we dive in, please let me add the note. This is a sponsored video Passbolt paid to be here, but seriously, I love the stuff that they are up to. And I think this is a fantastic password manager and honestly might replace everything that I've already been using just so I could get up to speed and be using all the great stuff that Passbolt has to offer. I love the fact that it is open source and I love the fact that you can host it on your own infrastructure. And that's what we're going to be getting into in this video. Okay. So I am inside of a new Ubuntu virtual machine. I'm online at passbolt.com and this is it. This is Passbolt, the open source password manager for startups, agile teams, developers, individuals, IT teams, just about anything. It is finally a password manager built for collaboration that's secure, flexible and automation friendly and ready. Now you can choose here. Do you want an on-premise install where you control everything? That's what we're going to be rolling with. But if you want the easy, hey, press the go button and you're already running, you can use their cloud signup. I'm going to go ahead and check out their on-premise install. And this is how you can self host Passbolt on your own server. You're running your own instance and installation, and you can keep track of all the data. You are fully in control. You can see the couple of tiers here, whether it's community, business or enterprise, you can choose what works best for you. However, down below, they do have a breakdown of what is included in what. And you can see the community tier has just about all of the awesomeness. 
Take a look through all the check boxes here, and it's everything that you really want to be rolling with. The frequently asked questions can put your mind at ease if you have any of that. And of course, if you wanted to reach out with anything specific, you could contact the team. But let me fire up this free unlimited users, no strings attached instance of the community edition and check it out. This is where Passbolt community edition being a hundred percent open source, both free as in beer and free as in speech, there are no strings attached. And you can choose whether you want to spin this up within Docker and Ubuntu installed, Debian, CentOS, any OS, whatever flavor of Linux you might like, or the fun stuff you can kick it on your favorite cloud provider. Now, normally I'm a digital ocean fan boy, but I wanted to kick the tires. I wanted to see how this thing might look over on AWS. So I'm gonna go ahead and click AWS and it should be super duper easy. All you have to do is roll through their deployment guide and just fire it off in a single click. Let me click here, deploy to AWS and boom. This brings me right to the AWS marketplace where you could go ahead and subscribe to be rolling with the Passbolt community edition AMI. They do have this all already built for you. So you can just hit the go button and get running. So let's go ahead and do it. I'll hit continue to subscribe here. I'm gonna have to log into AWS. Cool. Now that I am logged in, let's go ahead and continue to subscribe. Need to cruise through here. Just the terms and conditions. Hey, yep. Totally cool with Passbolt. We can go ahead and accept the terms. I'll do that right here. Accept terms. Thank you for subscribing. We're processing your request and it looks like this takes a few minutes, but you'll be notified on this page when the subscription is complete. And I can see that down here in this little table, you can see the product. 
Uh, we've got the Passbolt community edition AMI, effective date and expiration date are pending. This should kickstart once it's ready. And there we go. All right. All done. We can continue to configuration and here we go. We can go ahead and configure the software, the fulfillment option, and really the defaults should all be fine. We can go ahead and continue to launch. Now, before I get too far on ahead of here, I do want to make sure I'm tracking with the documentation, you know, the real actual detailed installation guide. So let me go ahead and cruise through here inside of their documentation. You can see everything that this AMI image is made up of, and you can cruise through this simple getting started guide, which does basically everything that we've just done. There is a good note here. If you do plan on using this in production, uh, as we probably intend to being, you know, our password manager, you will want to be rolling with HTTPS. So we recommend setting up SSL. You can do this in two different ways, using an automatic method with Let's Encrypt or having your own user provided SSL certificates. I think for the easy stuff, we can go ahead and use our auto. We'll go ahead and keep that in mind. We will go do that in just a moment, but first we need to actually go to our own application and see if we can access this thing. We can launch from website. Basically the default is fine. EC2 size, T2 medium is just fine. VPC should be all right. Subnet should be just fine. However, we will want to make sure that we are supplying a new key pair. I want to go ahead and create a key pair so that I'll be able to SSH in. So let me go ahead and create a key pair within EC2 and I'll fire up my terminal and create a new one for me. I'll zoom in a bit and I can use the command ssh-keygen to generate a new public and private key pair. Uh, totally cool with slapping it in the default location, all good to overwrite it, doesn't need a passphrase. 
I can just hit enter here and that should be created. Now I can go ahead and just cat out my .ssh/id_rsa.pub to receive the public key, and this gives me all this gunk, which I want to go ahead and copy and paste and give to AWS. And now back on the AWS page, I'll move into actions and say import key pair. We can go ahead and enter the passbolt name just for the sake of our demonstration and the key pair file. We could browse to it. However, it just says you can paste in the contents of your public key and the public key contents text box down below here, and then we can go ahead and import the key pair. Now that that is done, we have a passbolt key pair created for us, and now we can go ahead and use, after I refresh this, grabbing my passbolt key pair settings. Now we can launch this, fire it up, and there we go. Congratulations. An instance of the software is successfully deployed on EC2. It is cruising, running within AWS. We can go ahead and view this instance on the EC2 console, and there we go. Now I have my instance running. We can check this thing out. It looks like we have a public IP address already set up for us, and we can go ahead and go access this. I'll go ahead and open the address, and note this will, I believe, automatically bring you to HTTPS, so it tells me, hey, this is unable to connect, but we know that we'll need to go ahead and configure our own SSL setup. So while this is currently connecting on HTTPS, we're not going to be able to access it from there. We do need to switch this to HTTP, just listing, hey, on port 80, remove the S in the address and URL bar. Now when we connect to this, looks like we've got, ooh, there's that message. Passbolt is not configured yet. If you see this page, it means that passbolt is present on your server, but not yet configured. Go ahead and click on get started to launch a configuration wizard, and we can start cruising through here. And I appreciate it right off the bat. It's saying, hey, looking good. 
Your environment is ready for Passbolt, environment set, GPG is set, but SSL access is not yet enabled. You can still proceed, but it's recommended that you configure your web server to use HTTPS before you continue. So let's pivot back to that. Back in the documentation where we could set up HTTPS, we'll go ahead and use that auto method. I'll open that up, and this does make a note, hey, if you're going to be working with HTTPS and a valid SSL certificate, you probably are going to be wanting a valid domain name to go ahead and work with this, and actually use Let's Encrypt. We should go ahead and get ourselves a domain name. So let me go do that super duper quick. Looks like I can get just a super simple jhpassbolt.com. Let's go ahead and do that. Add to cart. Let me go ahead and grab the IP address here. We'll set the A record to that. 213, save. Okay. That should be situated. All right. Letting the DNS settings propagate for a moment. Let me see if I can get to jhpassbolt.com. Excellent. Currently still serving on HTTP, but now we can go ahead and set up our Let's Encrypt certificate. So we will need to go ahead and connect to this instance. We can use our SSH client. We do have our passbolt private key already set here. We can just go ahead and SSH right to it. So back on my terminal, let's see if I can just SSH as root into jhpassbolt.com. Looking good. Says, hey, please log in as the user admin rather than the user root. All righty. Let me try that one more time with admin. And there we go. Here, let's read this here. Welcome to your passbolt installation. SSL setup is encouraged to make the web installer process secure as there is sensitive information exchange. You can start the SSL setup process with dpkg-reconfigure passbolt-pro-server. Select no for MySQL configuration and yes to nginx configuration. This instance has created on boot a MariaDB random credentials for the root user and the passbolt user. 
You can access those credentials with the file as needed in the root directory, but we should be good. Let's go ahead and use this dpkg command. Let me copy this. Let me just paste that in. Oh, command not found. Uh, we probably need to do that as root, right? Sudo. There we go. Package passbolt-pro-server is not installed. No information is available. What? All right. Well, let's go ahead and use their documentation. We explained that we want to edit the nginx configuration file. We can go ahead and edit nginx sites-enabled, nginx-passbolt, and search for server underscore name. Replace the underscore with your passbolt domain name. So let's sudo nano that fella. Managed by passbolt. Let's change that server name to jhpassbolt.com. Hit control O to save that. And that is the only occurrence of server name. Now we should end up reconfiguring passbolt with sudo dpkg-reconfigure passbolt-ce-server. Ah, okay. So that must've just said pro for the professional version. We are on the community edition. Let's do that. Scribble guide you to create an empty database. Do you want to create a Passbolt database on the local MySQL? No for MySQL, but yes for nginx. Correct. Yep. Say no to MySQL, but yes for nginx. Let's do it. We can use auto to select the Let's Encrypt option. Passbolt domain name should be jhpassbolt.com and that should be doing its thing. Alrighty. Performing the HTTP challenge. Classic Let's Encrypt output. And there we go. Visit https://jhpassbolt.com to finish installation. All right, let's get back there. Look at that HTTPS. We've got a little certificate rocking for us, and now we can continue with the configuration. Let's get started. And SSL access is enabled. Let's start configuration. Okay. So the first step is the database. Passbolt AWS AMI comes with the pre-installed MariaDB database. The credentials for this database are randomly generated on the first boot and the web installer auto fills these credentials for you. 
They will be available in /etc/passbolt/passbolt.php if needed. If you want to use those auto-generated credentials, you can just click on next and move to the next step. If you don't want to use those auto-generated credentials, you can connect to SSH and then manage this as needed, but I'm totally cool with it cruising through. So let me go ahead and hit next. Next. We need to create a GPG key. You can either generate or import a GPG key pair. The key pair will be used by the Passbolt API to authenticate itself during the login handshake process. You'll want to generate a key if you don't already have one. So we can go ahead and generate one. We'll enter our server name can be jhpassbolt. We'll just say, Hey, my classic email and then no need for a comment. Let's just hit next. Next. We need a mail server, uh, actually going to this, it asks you the question or kind of fills in, look, why do I need an SMTP server as, as if you were asking that question? 'Cause I am. Passbolt needs an SMTP server in order to send invitation emails after an account creation to send email notifications. I don't happen to have my own SMTP service. So let me just see if I can snag one from Google. Let me fill in, I guess, John Hammond for my regular email. And I think you can do that with Gmail. Can you not? Yeah, you can. You just need SMTP, Gmail, and then, you know, that access. Okay. Now that that is done, we can specify the full base URL, which is just the URL to this location. Public registration is not allowed force SSL. Uh, I do want to ensure that, uh, it is highly recommended that you configure for HTTPS. So let's do that. Admin user details. Well, Hey, let's just use my name and let's just use john at jhpassbolt.com. Hit next and installs a database. Validates the GPGT says everything up collects period. Does lots of, that was a good one. Success. You've completed these is. Okay. So it's sped on ahead without me. Uh, it looks like everything was all good. 
Let's go ahead and install the browser extension. Let's go ahead and refresh this page. Once we've got it situated, go ahead and add to Firefox here. And there we go. Now we need to enter a passphrase. This will be super duper secure. This is essentially my master password, right? So. Cool. Looks good. Let's go ahead and hit next. And now it would like me to download my recovery kit, download of your recovery kit containing your secret key has automatically started. Uh, make sure you store in a safe place. You may need to keep it later. Let me go ahead and download the kit again. I just removed it momentarily. Cause I didn't capture the footage of it downloading, but that is downloaded and safe. Now we need to pick a color and enter three characters. Let's hit black just of course. And then my security token can be, I guess, J H P uh, this security token will be displayed when your passphrase is requested. So you can quickly verify the form is in fact coming from Passbolt. This will help protect you from phishing attacks. All right, let's hit next. And then we're good. All right. Welcome to Passbolt. Create your first password or wait for a team member to share one with you. I dig it. Here I am. Here's my profile for John. I am the admin of my own domain, and it's super duper slick to have this running on my own official jhpassbolt.com on my own cloud instance through AWS with HTTPS, the extension is set up and working for me. We could go ahead and create whatever passwords that we might like, or we could just go navigate and log into services as I would normally, I guess I can go to Twitter and that's where all the cool people are hanging out. And, uh, let me go ahead and actually add a new password for Twitter. My username should be my regular Twitter username and my password should be my Twitter password. Go ahead and submit. And there we go. Now we've got my Twitter password saved. We can go ahead and use that on this page. 
If I sign in, we'll use Passbolt to help fill this in that will need my passphrase one more time. But if I get tired of filling that out, I can click the remember until I log out button, just like that. Now Passbolt will fill this in for me. Should automatically grab my password here. I can hit log in. That takes a two factor authentication code for me just as well. And there we go. Now I am logged into Twitter. All thanks to Passbolt and Passbolt is rocking with my own cloud instance here on AWS at jhpassbolt.com. There's my Twitter entry here, and we could go ahead and explore that. Check it out. We could also share it with other members of my team in case, Hey, I'm collaborating with some other folks. They're helping run, manage the social media accounts, whatever the case may be. We could go ahead and send this along to them and do all the great stuff that Passbolt allows us to do. And Hey, before we tune out here, I do want to showcase something super neat. Uh, if you're transitioning from one password manager to Passbolt, you can go ahead and import passwords that you might've exported from another password manager. So I want to go ahead and import passwords that I've already stored in a CSV file exported from another service or application. And we could go ahead and have all of these loaded into Passbolt super duper quickly. So now, sure. I've created just my small one by one, maybe entering my Twitter password and then doing one on service at a time. But ultimately this is where the magic comes in because it could just sync, pull down, import, grab all the passwords you might already be rocking within a second here and done. Looks like you got almost all of them. A 465 out of 467 passwords have been imported to my own personal cloud password manager. Uh, it does give me the error details that I could zoom in on for those that I'm worried about, but I'm not too concerned. Anything. I've got everything already hooked up. 
Ultimately we're looking pretty good. I've got all the passwords, the credentials, everything saved so that I could go ahead and access any other application or service that I might naturally all hooked up and situated with Passbolt. So, Hey, that is that, that is installing and setting up Passbolt on an AWS instance, an AMI that we can just rapidly throw out into the ether. And then you can control your own instance of your personal password manager. It's open source, so you can hack on it. You can validate, you can trust it and have the whole public, the whole general world validate it just as well. And you've got all the bells and whistles and security built in between your own HTTPS certificate, the GPG key that you create and control. And everything can remain yours. You're in control of your data and man, that is so, so cool. So, Hey, huge kudos, huge thanks, huge props to Passbolt and everything that you're doing. If you haven't already gotten started, Hey, click the link in the description. Go check them out. See if you can spin this up on your own and then make yourself more secure online. That's what this is all about. That's why I am such a huge proponent of password managers and Passbolts. Man, they seem to be doing everything right. So, thumbs up, two thumbs up for them. Thanks so much for watching. I hope you enjoyed, and I really, really sincerely hope you go get Passbolt to try and put this thing out there, create your own password manager with everything already done, situated for you. You just got to deploy it and get it done right. Thank you, Passbolt. Thank you. Hope to see you in the next video.
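The nginx step from the transcript (replace the `_` in `server_name` with the Passbolt domain before running the Let's Encrypt setup), as an added shell example that is not from the video or from Passbolt. The function names and the sample site file are constructed for illustration; the script refuses anything that is not a plain hostname and leaves a file alone if `server_name` already points somewhere else.

```shell
#!/bin/sh
# Added example: not from the video or from Passbolt's own tooling.

# Constructed sample of a site file that still has the "_" placeholder.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not the real Passbolt site file
server {
  listen 80;
  server_name _;
  root /var/www/example;
}
EOF
}

# Return 0 only for a plain DNS hostname (letters, digits, hyphens, dots).
# This also guarantees the value is safe to place in the sed replacement.
is_valid_hostname() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 253 ] || return 1
    printf '%s\n' "$name" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# set_server_name FILE DOMAIN
# Return codes: 0 done or already set, 2 missing file, 3 bad domain,
# 4 server_name already points at something else (file left untouched).
set_server_name() {
    conf=$1
    domain=$2
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    is_valid_hostname "$domain" || { echo "invalid domain: $domain" >&2; return 3; }

    # Count "server_name _;" placeholder directives (grep -c exits 1 on zero).
    count=$(grep -Ec '^[[:space:]]*server_name[[:space:]]+_;' "$conf" || true)
    if [ "$count" -eq 0 ]; then
        current=$(sed -nE 's/^[[:space:]]*server_name[[:space:]]+([^;]+);.*/\1/p' "$conf")
        if [ "$current" = "$domain" ]; then
            return 0
        fi
        echo "server_name is not the placeholder: ${current:-<none>}" >&2
        return 4
    fi

    # Keep a backup, then rewrite in place so ownership and mode are preserved.
    cp -p "$conf" "$conf.bak"
    tmp=$(mktemp)
    sed -E "s/^([[:space:]]*server_name[[:space:]]+)_;/\1${domain};/" "$conf" > "$tmp"
    cat "$tmp" > "$conf"
    rm -f "$tmp"
    echo "set server_name to $domain in $conf (backup: $conf.bak)"
}
```

On the instance this would be run with sudo against the nginx site file named in the Passbolt documentation, followed by `nginx -t` before the `dpkg-reconfigure` step.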