Passbolt Case Study

Stephan Hochdoerfer from bitExpert

We interviewed one of passbolt's early adopters, Mr Hochdoerfer, to learn how people use the solution at the moment and what they expect to see in the future. Would you like to share your story? Leave a comment or get in touch.

Tell us a little about yourself.

I co-founded a company called bitExpert that is focused on developing custom web and mobile applications for our clients. I am based in Mannheim in Germany, which is close to Frankfurt, and co-organize local PHP user groups in both Mannheim and Frankfurt. We meet bi-monthly to talk about PHP-related technologies. Last time we had Marco Pivetta doing an event sourcing workshop. Before that Pascal from continuousphp came in to talk about their platform. Of course we would be happy to have the passbolt developers present some time soon ;)

What does your company do?

bitExpert is a technology company; we focus on building custom applications for our clients, ranging from simple websites to Magento-powered e-commerce solutions. We also do custom applications. We try to focus on long-term projects to best support our clients. Some of our applications are used daily by 20,000 people worldwide, which is really cool. PHP is our main technology, we use it for 70% of our projects, but we also use Java and Python when it comes to server-side programming languages. For frontend development, we mainly use frameworks like Angular or Sencha ExtJS.

What kind of passwords do you have?

We have all sorts of passwords: root passwords for our servers, passwords for services like PostgreSQL, MySQL and such, but also passwords for external services like Twitter, travel booking sites and so on. Not to forget passwords to access tools that our clients provide to us, e.g. custom JIRA or GitLab instances.

What were you using before passbolt?

Managing credentials has been an issue for us for a long time. Back in the day we kept credentials in our self-hosted wiki instance. That felt not very secure and wrong, and thus we moved to KeePass. KeePass itself is a nice tool, but once you start sharing a “central” KeePass database things can get really messy.

How did you hear about passbolt?

I’m not sure, but I think I read something about it on HackerNews or Reddit about a year and a half ago. We gave it a try a few months later, mostly to manage the passwords for our IT department, a team of three. That worked fine, and since the groups feature was added recently we could roll it out to the first project team. Right now it looks like we’ll soon be able to roll out passbolt to the rest of the company.

Why did you decide to switch to passbolt?

Apart from the ease of use as a team, since we are based in Germany, we wanted a solution that we could host ourselves. This was a big decision factor for us. For our internal tools we always prefer to have the solution self-hosted. Apart from the privacy issues, self-hosted solutions are easier to hook into our central account management, which we use LDAP for.

What features are you most looking forward to?

LDAP support would still be a good addition, as it would make the life of our IT department easier, especially when we introduce passbolt to the whole company. But since we had to solve the same problem for GitLab, I could think of writing a simple sync script to regularly sync users, groups and group memberships to passbolt. This would require some design thinking, for example: when a group is deleted in OpenLDAP we could simply deactivate it in passbolt and not delete it, so as not to lose any password.

Apart from LDAP, a more complete command line tool would be nice, as well as tagging support for passwords. Currently we use pseudo tags within the name of a passbolt entry, which does not work that well. I am also looking forward to the support for mobile phones.
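The sync-script design Stephan sketches above (mirror LDAP groups and memberships into the password manager, but deactivate rather than delete groups that vanish from OpenLDAP) boils down to a reconciliation step. The following is an added example written for this page; it is neither bitExpert's script nor passbolt's own code. It works on constructed in-memory data: `LDAP_GROUPS` stands in for what a directory query would return, and `TARGET_GROUPS` is a hypothetical group model with an `active` flag, not passbolt's real schema or API. It goes one step beyond the interview by adding a guard rail: if a run would deactivate more than a given share of active groups (as happens when the directory query silently returns nothing), it aborts instead of locking everyone out.

```python
"""Plan and apply an LDAP -> password-manager group sync (added example).

Assumptions (not from the page): groups are keyed by name, memberships are
sets of user ids, and the target side is a dict with an "active" flag.
Real directory queries and passbolt API calls are intentionally not modelled.
"""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed sample: current state of OpenLDAP (group -> member uids).
LDAP_GROUPS: Dict[str, Set[str]] = {
    "it": {"alice", "bob", "carol"},
    "project-x": {"bob", "dave"},
    "project-y": {"erin"},            # new group, not yet in the target
}

# Constructed sample: hypothetical target state (name -> members, active flag).
TARGET_GROUPS: Dict[str, dict] = {
    "it": {"members": {"alice", "bob"}, "active": True},        # carol missing
    "project-x": {"members": {"bob", "dave"}, "active": True},  # already in sync
    "legacy": {"members": {"frank"}, "active": True},           # gone from LDAP
    "old-team": {"members": set(), "active": False},            # deactivated earlier
}


@dataclass(frozen=True)
class Action:
    kind: str            # create | reactivate | set_members | deactivate
    group: str
    members: Tuple[str, ...]  # desired membership for kinds that set it


def plan_sync(ldap_groups: Dict[str, Set[str]],
              target_groups: Dict[str, dict],
              max_deactivate_fraction: float = 0.5) -> List[Action]:
    """Compute the actions that bring the target in line with LDAP.

    Groups missing from LDAP are deactivated, never deleted, so the
    passwords shared with them survive. A run that would deactivate more
    than `max_deactivate_fraction` of the active groups is refused, since
    that pattern usually means a broken directory query, not a real change.
    """
    actions: List[Action] = []
    for name, members in sorted(ldap_groups.items()):
        desired = tuple(sorted(members))
        current = target_groups.get(name)
        if current is None:
            actions.append(Action("create", name, desired))
        elif not current["active"]:
            actions.append(Action("reactivate", name, desired))
        elif set(current["members"]) != set(members):
            actions.append(Action("set_members", name, desired))

    stale = [n for n, g in sorted(target_groups.items())
             if n not in ldap_groups and g["active"]]
    active_total = sum(1 for g in target_groups.values() if g["active"])
    if active_total and len(stale) / active_total > max_deactivate_fraction:
        raise RuntimeError(
            f"refusing to deactivate {len(stale)} of {active_total} active groups")
    for name in stale:
        actions.append(Action("deactivate", name, ()))
    return actions


def apply_plan(actions: List[Action], target_groups: Dict[str, dict]) -> Dict[str, dict]:
    """Apply a plan to a copy of the target state and return the new state."""
    state = {n: {"members": set(g["members"]), "active": g["active"]}
             for n, g in target_groups.items()}
    for a in actions:
        if a.kind == "create":
            state[a.group] = {"members": set(a.members), "active": True}
        elif a.kind in ("reactivate", "set_members"):
            state[a.group]["active"] = True
            state[a.group]["members"] = set(a.members)
        elif a.kind == "deactivate":
            state[a.group]["active"] = False   # members and shared secrets are kept
    return state


if __name__ == "__main__":
    plan = plan_sync(LDAP_GROUPS, TARGET_GROUPS)
    for action in plan:
        print(f"{action.kind:12} {action.group:12} {', '.join(action.members)}")
    after = apply_plan(plan, TARGET_GROUPS)
    print("second run is a no-op:", plan_sync(LDAP_GROUPS, after) == [])
```

Running it prints the three planned actions for the sample data (update the `it` membership, create `project-y`, deactivate `legacy`) and confirms that a second run against the updated state produces an empty plan, which is the property a cron-driven sync needs. Replacing `LDAP_GROUPS` with an empty dict makes `plan_sync` raise instead of deactivating every group.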

Thanks for the chat Stephan!