Skip to content
Klutch.sh Docs

Deploying a Passit App

Introduction

Passit is an open-source password manager with a Django backend and a JavaScript front end. Deploying Passit with a Dockerfile on Klutch.sh provides reproducible builds, managed secrets, and persistent storage for encrypted vault data and logs—all configured from klutch.sh/app. This guide covers installation, repository prep, a production-ready Dockerfile, deployment steps, Nixpacks overrides, sample API usage, and production tips.

Prerequisites

  • A Klutch.sh account (sign up)
  • A GitHub repository containing your Passit code and Dockerfile (GitHub is the only supported git source)
  • PostgreSQL database (deploy as a Klutch.sh TCP app on port 8000; connect on 5432)
  • Redis (optional) for caching/queues (deploy as a Klutch.sh TCP app on port 8000; connect on 6379)
  • Domain and TLS for secure access

For onboarding, see the Quick Start.

Architecture and ports

  • Passit serves HTTP on internal port 8000; choose HTTP traffic.
  • Persistent storage is required for media/uploads and logs.

Repository layout

passit/
├── Dockerfile              # Must be at repo root for auto-detection
├── requirements.txt
├── manage.py
├── passit/                 # Django project
└── front/                  # Frontend (if building in the same repo)

Keep secrets out of Git; store them in Klutch.sh environment variables.

Installation (local) and starter commands

Validate locally before pushing to GitHub:

Terminal window
python -m venv .venv && source .venv/bin/activate
pip install -r requirements.txt
python manage.py migrate
python manage.py collectstatic --noinput
python manage.py runserver 0.0.0.0:8000

If your frontend builds separately, run its build (e.g., npm install && npm run build) and place assets where Django serves them.

Dockerfile for Passit (production-ready)

Place this Dockerfile at the repo root; Klutch.sh auto-detects it (no Docker selection in the UI):

FROM python:3.11-slim


ENV PYTHONDONTWRITEBYTECODE=1 \
    PYTHONUNBUFFERED=1 \
    PORT=8000


WORKDIR /app


COPY requirements.txt .
RUN apt-get update && apt-get install -y --no-install-recommends build-essential libpq-dev && \
    pip install --no-cache-dir -r requirements.txt && \
    apt-get clean && rm -rf /var/lib/apt/lists/*


COPY . .
RUN python manage.py collectstatic --noinput


EXPOSE 8000
CMD ["bash", "-lc", "python manage.py migrate && gunicorn passit.wsgi:application --bind 0.0.0.0:${PORT} --workers 3"]

Notes:

  • Add Node build steps before collectstatic if you build the frontend inside the same image.
  • Install any additional system packages required by your dependencies.

Environment variables (Klutch.sh)

Set these in Klutch.sh before deploying:

  • PORT=8000
  • DJANGO_SETTINGS_MODULE=passit.settings.production
  • SECRET_KEY=<secure-random>
  • ALLOWED_HOSTS=example-app.klutch.sh
  • DATABASE_URL=postgres://<user>:<password>@<db-host>:5432/<db>
  • Optional Redis: REDIS_URL=redis://:<password>@<redis-host>:6379/0
  • Optional email: EMAIL_HOST, EMAIL_PORT, EMAIL_HOST_USER, EMAIL_HOST_PASSWORD, EMAIL_USE_TLS

If you deploy without the Dockerfile and need Nixpacks overrides:

  • NIXPACKS_PYTHON_VERSION=3.11
  • NIXPACKS_BUILD_CMD=pip install -r requirements.txt && python manage.py collectstatic --noinput
  • NIXPACKS_START_CMD=gunicorn passit.wsgi:application --bind 0.0.0.0:8000 --workers 3

Attach persistent volumes

In Klutch.sh storage settings, add mount paths and sizes (no names required):

  • /app/media — user uploads and encrypted vault exports.
  • /app/static — collected static files (optional if you bake them into the image).
  • /app/logs — optional logs if stored on disk.

Ensure these paths are writable inside the container.

Deploy Passit on Klutch.sh (Dockerfile workflow)

  1. Push your repository—with the Dockerfile at the root—to GitHub.
  2. Open klutch.sh/app, create a project, and add an app.
  3. Select HTTP traffic and set the internal port to 8000.
  4. Add the environment variables above, including database, secret key, and optional Redis/email settings.
  5. Attach persistent volumes for /app/media (and /app/logs//app/static if used) sized for your storage needs.
  6. Deploy. Your Passit instance will be reachable at https://example-app.klutch.sh; attach a custom domain if desired.

Sample API usage

Create a user (example endpoint; adjust to your API version):

Terminal window
curl -X POST "https://example-app.klutch.sh/api/auth/register/" \
  -H "Content-Type: application/json" \
  -d '{"email":"user@example.com","password":"P@ssw0rd123"}'

List vaults (authorized request):

Terminal window
curl -X GET "https://example-app.klutch.sh/api/vaults/" \
  -H "Authorization: Bearer <token>"

Health checks and production tips

  • Add an HTTP probe to / or a lightweight health endpoint if available.
  • Enforce HTTPS at the edge; forward internally to port 8000.
  • Keep SECRET_KEY, DB credentials, and API tokens in Klutch.sh secrets; rotate regularly.
  • Monitor storage usage on /app/media and /app/logs; resize before they fill.
  • Pin image versions and test upgrades in staging; back up DB and media before updates.

Passit on Klutch.sh combines reproducible Docker builds with managed secrets, persistent storage, and flexible HTTP/TCP routing. With the Dockerfile at the repo root, port 8000 configured, and Postgres/Redis connected, you can deliver a secure self-hosted password manager without extra YAML or workflow overhead.