Skip to content
Klutch.sh Docs

Deploying Psono

Introduction

Psono is an open-source, self-hosted password manager designed for teams and enterprises. It provides secure storage for passwords, API keys, certificates, and other sensitive data with end-to-end encryption. Unlike cloud-based solutions, Psono gives you complete control over your data while offering enterprise-grade security features.

Built with a focus on security and collaboration, Psono uses client-side encryption with industry-standard algorithms. The server never has access to your unencrypted data, ensuring that only authorized users can decrypt their secrets.

Key highlights of Psono:

  • End-to-End Encryption: Client-side encryption using NaCl/libsodium
  • Team Sharing: Securely share credentials with team members
  • Access Control: Fine-grained permissions and group management
  • Two-Factor Authentication: TOTP, FIDO2, and YubiKey support
  • Audit Logging: Complete audit trail of all access and changes
  • LDAP/SAML Integration: Enterprise identity provider support
  • Browser Extensions: Chrome, Firefox, and Edge extensions
  • API Access: Programmatic secret management
  • Self-Hosted: Complete control over your data
  • Open Source: Licensed under Apache 2.0

This guide walks through deploying Psono on Klutch.sh using Docker.

Why Deploy Psono on Klutch.sh

Deploying Psono on Klutch.sh provides several advantages:

Simplified Deployment: Klutch.sh automatically detects your Dockerfile and builds Psono without complex configuration.

Persistent Storage: Attach persistent volumes for database and encryption keys.

HTTPS by Default: Klutch.sh provides automatic SSL certificates, essential for password manager security.

GitHub Integration: Connect your repository directly from GitHub for automatic deployments.

Environment Variable Management: Securely store encryption keys and configuration.

Custom Domains: Assign a custom domain for your password manager.

Prerequisites

Before deploying Psono on Klutch.sh, ensure you have:

  • A Klutch.sh account
  • A GitHub account with a repository for your Psono configuration
  • A PostgreSQL database
  • Basic familiarity with Docker and containerization concepts
  • (Optional) A custom domain for your Psono instance
  • (Optional) SMTP credentials for email notifications

Understanding Psono Architecture

Psono consists of several components:

Psono Server: The backend API server handling authentication and encrypted data storage.

Psono Client: The web application users interact with for managing secrets.

Psono Fileserver: Optional component for secure file storage.

Database: PostgreSQL for storing encrypted data and metadata.

Preparing Your Repository

Create a GitHub repository containing your Dockerfile and Psono configuration.

Repository Structure

psono-deploy/
├── Dockerfile
├── settings.yaml
└── .dockerignore

Creating the Dockerfile

Create a Dockerfile in the root of your repository:

FROM psono/psono-combo:latest


# Copy configuration
COPY settings.yaml /root/.psono_server/settings.yaml


# Create data directory
RUN mkdir -p /data


EXPOSE 80


CMD ["/bin/sh", "-c", "supervisord -c /etc/supervisor/supervisord.conf"]

Creating settings.yaml Configuration

Create a settings.yaml file with your Psono configuration:

# Psono Server Configuration


# Secret key for session encryption (generate with: python3 -c "import secrets; print(secrets.token_hex(32))")
SECRET_KEY: 'YOUR_SECRET_KEY_HERE'


# Activation link secret
ACTIVATION_LINK_SECRET: 'YOUR_ACTIVATION_SECRET_HERE'


# Database configuration
DATABASES:
  default:
    ENGINE: 'django.db.backends.postgresql'
    NAME: 'psono'
    USER: 'psono'
    PASSWORD: 'YOUR_DB_PASSWORD'
    HOST: 'YOUR_DB_HOST'
    PORT: '5432'


# Allowed hosts
ALLOWED_HOSTS: ['*']


# Debug mode (disable in production)
DEBUG: False


# Email configuration
EMAIL_FROM: 'psono@example.com'
EMAIL_HOST: 'smtp.example.com'
EMAIL_HOST_USER: 'smtp_user'
EMAIL_HOST_PASSWORD: 'smtp_password'
EMAIL_PORT: 587
EMAIL_USE_TLS: True


# Allow registration
ALLOW_REGISTRATION: True
ALLOW_LOST_PASSWORD: True


# Enforce email verification
ENFORCE_MATCHING_USERNAME_AND_EMAIL: False


# Host URL (your Klutch.sh URL)
HOST_URL: 'https://your-app-name.klutch.sh'


# Webclient settings
WEB_CLIENT_URL: 'https://your-app-name.klutch.sh'


# File server (optional)
FILE_REPOSITORY_PATH: '/data/files/'


# Logging
LOGGING:
  version: 1
  disable_existing_loggers: False
  handlers:
    console:
      class: logging.StreamHandler
  root:
    handlers:
      - console
    level: WARNING

Creating the .dockerignore File

Create a .dockerignore file:

.git
.github
*.md
LICENSE
.gitignore
*.log
.DS_Store
.env

Deploying Psono on Klutch.sh

    Generate Secret Keys

    Generate the required secret keys:

    Terminal window
    # Secret key
    python3 -c "import secrets; print(secrets.token_hex(32))"
    

    # Activation link secret
    python3 -c "import secrets; print(secrets.token_hex(32))"

    Save these keys securely for the configuration.

    Update settings.yaml

    Replace the placeholder values in settings.yaml with your actual configuration:

    • Database credentials
    • Secret keys
    • Email settings
    • Host URL

    Push Your Repository to GitHub

    Initialize your repository and push to GitHub:

    Terminal window
    git init
    git add Dockerfile settings.yaml .dockerignore
    git commit -m "Initial Psono deployment configuration"
    git remote add origin https://github.com/yourusername/psono-deploy.git
    git push -u origin main

    Create a New Project on Klutch.sh

    Navigate to the Klutch.sh dashboard and create a new project. Give it a descriptive name like “psono” or “password-manager”.

    Create a New App

    Within your project, create a new app. Connect your GitHub account if you haven’t already, then select the repository containing your Psono Dockerfile.

    Configure HTTP Traffic

    In the deployment settings:

    • Select HTTP as the traffic type
    • Set the internal port to 80

    Attach Persistent Volumes

    Add the following volumes:

    Mount PathRecommended SizePurpose
    /data10 GBFile storage and cache
    /root/.psono_server100 MBConfiguration persistence

    Deploy Your Application

    Click Deploy to start the build process. Klutch.sh will:

    • Detect your Dockerfile automatically
    • Build the container image
    • Attach the persistent volumes
    • Start the Psono container
    • Provision an HTTPS certificate

    Initialize Database

    After deployment, run database migrations:

    Terminal window
    psono-server migrate

    Create Admin User

    Create your administrator account:

    Terminal window
    psono-server createsuperuser

    Access Psono

    Once deployment completes, access your Psono instance at https://your-app-name.klutch.sh. Register your account and start managing passwords.

Using Psono

Creating Entries

  1. Log in to your Psono account
  2. Navigate to a folder or create one
  3. Click “Create Entry”
  4. Select entry type:
    • Website Password
    • Application Password
    • Note
    • Environment Variables
    • Credit Card
    • SSH Key
    • GPG Key
  5. Fill in the details and save

Sharing Secrets

  1. Select an entry or folder
  2. Click “Share”
  3. Select users or groups
  4. Set permissions (read, write, grant)
  5. Send invitation

Team Management

  1. Go to Settings > Groups
  2. Create groups for teams
  3. Add members to groups
  4. Share folders with groups

Security Features

Two-Factor Authentication

Enable 2FA for additional security:

  1. Go to Settings > Security
  2. Choose 2FA method:
    • TOTP (Authenticator app)
    • FIDO2/WebAuthn
    • YubiKey
  3. Follow setup instructions

Emergency Codes

Generate emergency codes for account recovery:

  1. Go to Settings > Security
  2. Click “Generate Emergency Codes”
  3. Save codes in a secure location

Browser Extensions

Install browser extensions for easy access:

Enterprise Features

LDAP Integration

Configure LDAP for enterprise authentication:

LDAP:
  enabled: True
  servers:
    - uri: 'ldap://ldap.example.com'
      bind_dn: 'cn=admin,dc=example,dc=com'
      bind_password: 'your_password'
      search_base: 'dc=example,dc=com'

SAML Integration

Configure SAML for SSO:

SAML:
  enabled: True
  idp_metadata_url: 'https://idp.example.com/metadata'

Troubleshooting Common Issues

Cannot Log In

Solutions:

  • Verify email and password
  • Check if account is activated
  • Try password reset
  • Check 2FA if enabled

Sync Issues

Solutions:

  • Clear browser cache
  • Check network connectivity
  • Verify server is accessible
  • Review browser console for errors

Database Errors

Solutions:

  • Verify database credentials
  • Check database connectivity
  • Run migrations if needed

Additional Resources

Conclusion

Deploying Psono on Klutch.sh gives you a secure, self-hosted password manager with enterprise-grade features. With end-to-end encryption, team sharing capabilities, and comprehensive access controls, Psono provides everything teams need for secure credential management.

Take control of your passwords and secrets while maintaining complete data sovereignty with Psono on Klutch.sh.