Deploying Passky

Introduction

Passky is a self-hosted, lightweight password manager that focuses on simplicity and security. Unlike complex enterprise solutions, Passky provides straightforward password storage with military-grade XChaCha20 encryption, making it perfect for individuals and small teams who want secure credential management without the complexity.

Built with PHP and designed for easy deployment, Passky offers browser extensions, mobile apps, and a desktop application, ensuring your passwords are accessible wherever you need them.

Key highlights of Passky:

Strong Encryption: XChaCha20 encryption with Argon2id key derivation
Zero-Knowledge Architecture: Server never sees your plaintext passwords
Browser Extensions: Available for Chrome, Firefox, Edge, and Brave
Mobile Apps: Native apps for iOS and Android
Desktop App: Cross-platform desktop application
Import/Export: Transfer passwords from other managers
Password Generator: Built-in secure password generator
Auto-Fill: Automatically fill login forms
Self-Hosted: Complete control over your data
Lightweight: Minimal resource requirements
Open Source: Licensed under GPL-3.0

This guide walks through deploying Passky on Klutch.sh using Docker, configuring the server, and setting up clients for secure password access.

Why Deploy Passky on Klutch.sh

Deploying Passky on Klutch.sh provides several advantages:

Simplified Deployment: Klutch.sh automatically detects your Dockerfile and builds Passky without complex orchestration. Push to GitHub, and your password manager deploys automatically.

Data Privacy: Host your passwords on your own infrastructure with zero-knowledge encryption.

HTTPS by Default: Klutch.sh provides automatic SSL certificates, essential for secure password transmission.

Persistent Storage: Attach persistent volumes for your database. Your passwords survive container restarts and redeployments.

Custom Domains: Use a memorable domain for your Passky instance.

Always Available: Access your passwords from anywhere, anytime.

Prerequisites

Before deploying Passky on Klutch.sh, ensure you have:

A Klutch.sh account
A GitHub account with a repository for your Passky configuration
Basic familiarity with Docker and containerization concepts
A MySQL or MariaDB database

Preparing Your Repository

Create a GitHub repository containing your Dockerfile for Passky deployment.

Repository Structure

passky-deploy/
├── Dockerfile
└── .dockerignore

Creating the Dockerfile

Create a Dockerfile in the root of your repository:

FROM ghcr.io/rabbit-company/passky-server:latest

# Set environment variables
ENV SERVER_LOCATION=${SERVER_LOCATION}
ENV ADMIN_USERNAME=${ADMIN_USERNAME}
ENV ADMIN_PASSWORD=${ADMIN_PASSWORD}

# Database configuration
ENV MYSQL_HOST=${MYSQL_HOST}
ENV MYSQL_PORT=${MYSQL_PORT}
ENV MYSQL_DATABASE=${MYSQL_DATABASE}
ENV MYSQL_USER=${MYSQL_USER}
ENV MYSQL_PASSWORD=${MYSQL_PASSWORD}

# Mail configuration (optional)
ENV MAIL_ENABLED=${MAIL_ENABLED:-false}
ENV MAIL_HOST=${MAIL_HOST}
ENV MAIL_PORT=${MAIL_PORT}
ENV MAIL_USERNAME=${MAIL_USERNAME}
ENV MAIL_PASSWORD=${MAIL_PASSWORD}

# Expose the web interface port
EXPOSE 80 443

# Use the default entrypoint

Creating the .dockerignore File

Create a .dockerignore file:

.git
.github
*.md
LICENSE
.gitignore
*.log
.DS_Store
.env
.env.local

Environment Variables Reference

Variable	Required	Default	Description
`SERVER_LOCATION`	Yes	-	Your server URL (https://…)
`ADMIN_USERNAME`	Yes	-	Admin panel username
`ADMIN_PASSWORD`	Yes	-	Admin panel password
`MYSQL_HOST`	Yes	-	MySQL server hostname
`MYSQL_PORT`	No	3306	MySQL server port
`MYSQL_DATABASE`	Yes	-	Database name
`MYSQL_USER`	Yes	-	Database username
`MYSQL_PASSWORD`	Yes	-	Database password
`MAIL_ENABLED`	No	false	Enable email notifications
`MAIL_HOST`	No	-	SMTP server hostname
`MAIL_PORT`	No	587	SMTP port
`MAIL_USERNAME`	No	-	SMTP username
`MAIL_PASSWORD`	No	-	SMTP password
`MAX_ACCOUNTS`	No	100	Maximum user accounts
`MAX_PASSWORDS`	No	1000	Maximum passwords per user

Deploying Passky on Klutch.sh

Set Up MySQL/MariaDB Database

Deploy a MySQL or MariaDB database on Klutch.sh or use an external database service. Create a database for Passky.

Generate Admin Credentials

Choose a strong username and password for the admin panel. These should not be reused elsewhere.

Push Your Repository to GitHub

Initialize your repository and push to GitHub with your Dockerfile.

Create a New Project on Klutch.sh

Navigate to the Klutch.sh dashboard and create a new project. Give it a descriptive name like “passky” or “password-vault”.

Create a New App

Within your project, create a new app. Connect your GitHub account if you haven’t already, then select the repository containing your Passky Dockerfile.

Configure HTTP Traffic

In the deployment settings:

Select HTTP as the traffic type
Set the internal port to 80

Set Environment Variables

Add the following environment variables:

Variable	Value
`SERVER_LOCATION`	`https://your-app-name.klutch.sh`
`ADMIN_USERNAME`	Your admin username
`ADMIN_PASSWORD`	Your admin password
`MYSQL_HOST`	Your database host
`MYSQL_DATABASE`	Database name
`MYSQL_USER`	Database username
`MYSQL_PASSWORD`	Database password
`MAX_ACCOUNTS`	`100` (adjust as needed)
`MAX_PASSWORDS`	`1000` (adjust as needed)

Deploy Your Application

Click Deploy to start the build process. Klutch.sh will:

Detect your Dockerfile automatically
Build the container image
Start the Passky container
Provision an HTTPS certificate

Access Passky

Once deployment completes, access your Passky server at https://your-app-name.klutch.sh.

Setting Up Clients

Browser Extension

Install the Passky extension from your browser’s extension store
Open the extension settings
Enter your server URL (https://your-app-name.klutch.sh)
Create an account or log in with existing credentials
Start saving passwords

Mobile App

Download Passky from the App Store or Google Play
Open the app
Enter your server URL in settings
Create an account or log in
Access your passwords on the go

Desktop App

Download the Passky desktop app from the official website
Install and launch the application
Enter your server URL
Log in with your credentials
Manage passwords from your desktop

Using Passky

Creating Passwords

Click the add button in your client
Enter the website URL, username, and password
Optionally add notes or custom fields
Save the entry

Generating Secure Passwords

Passky includes a password generator:

When creating a new entry, click the generate button
Configure length and character types
Generate a secure random password
Use it for your new account

Auto-Fill

The browser extension can automatically fill login forms:

Navigate to a login page
Click the Passky extension icon
Select the matching entry
Credentials are filled automatically

Import/Export

Transfer passwords from other managers:

Export from your current password manager (CSV format)
Use Passky’s import feature
Map the CSV columns to Passky fields
Import your passwords

Admin Panel

Access the admin panel to manage your Passky server:

Navigate to https://your-app-name.klutch.sh/admin
Log in with your admin credentials
View statistics and manage users
Configure server settings

Server Statistics

The admin panel shows:

Total registered users
Total stored passwords
Server health status
API usage statistics

User Management

View all registered users
Delete user accounts if needed
Monitor usage per user

Security Features

Encryption

Passky uses state-of-the-art encryption:

XChaCha20: Stream cipher for password encryption
Argon2id: Memory-hard password hashing
Zero-Knowledge: Server stores only encrypted data

Security Best Practices

Use a strong master password
Enable two-factor authentication when available
Keep clients updated
Regularly backup your database

Additional Resources

Conclusion

Deploying Passky on Klutch.sh gives you a simple yet secure self-hosted password manager. The combination of strong encryption, cross-platform clients, and easy deployment means you can protect your passwords without complexity.

With zero-knowledge architecture ensuring your passwords remain private, Passky provides peace of mind for personal and small team password management needs.