PasswordLab Installation Guide for DigitalOcean Marketplace

Overview

This comprehensive guide will walk you through installing PasswordLab on DigitalOcean droplet using the DigitalOcean marketplace with a managed database. This setup provides enterprise-grade security with the convenience of cloud-managed infrastructure, eliminating the need for database maintenance, security patches, and backups.

Prerequisites

Before beginning the installation, ensure you have the following:

Required Accounts & Information

1. DigitalOcean Account: Active account with billing information
2. Valid PasswordLab License: Purchase from the official website or marketplace
3. SMTP Configuration: Email server details for notifications and 2FA
   • SMTP server address and port
   • Email credentials (username/password)
   • Encryption method (TLS/SSL)

Recommended Knowledge

• Basic understanding of DigitalOcean interface
• SSH access familiarity
• Email configuration basics

Part 1: Setting Up DigitalOcean Infrastructure

Step 1: Create or Select a Project

1. Log in to DigitalOcean using your account credentials
2. Navigate to the Projects page (default landing page)
3. Create a new project (if you don't have one):
   • Click "New Project"
   • Enter project name and description
   • Select project purpose
   • Click "Create Project"

Step 2: Create the PasswordLab Droplet

1. Start droplet creation:

   • Click the "Create" button in the top-right corner
   • Select "Droplets" from the dropdown menu

2. Choose datacenter region:

   • Select a region closest to your users for optimal performance
   • Note your selection as you'll need to use the same region for the database

3. Select datacenter:

   • Choose any available datacenter within your selected region
   • Example: New York 3, San Francisco 2, etc.

4. Choose the PasswordLab image:

   • Click on the "Marketplace" tab
   • Search for "PasswordLab"
   • Click on the PasswordLab marketplace image
   • Note: Ignore the "Add Managed Database" suggestion for now

5. Select droplet size:

   • Minimum recommended: Basic plan with 1GB RAM
   • For production: 2GB RAM or higher for better performance
   • PasswordLab works efficiently even on the smallest droplet sizes

6. Choose authentication method:

   • SSH Keys (recommended): Select your pre-uploaded SSH key for passwordless access
   • Password: DigitalOcean will email the root password when droplet is ready

7. Enable monitoring (optional but recommended):

   • Check "Monitoring" checkbox
   • This service is free and provides resource usage metrics

8. Set hostname:

   • Enter a descriptive name (e.g., "passwordlab-server")
   • This helps identify your droplet in the dashboard

9. Create the droplet:

   • Click "Create Droplet"
   • Wait for the droplet to be fully deployed (usually 1-2 minutes)

Step 3: Create a Managed Database

Why Use Managed Database?

• Automatic maintenance: Software updates and security patches
• Automated backups: Daily backups with point-in-time recovery
• High availability: Built-in redundancy and failover
• Scalability: Easy resource scaling as your needs grow

Database Setup Process

1. Start database creation:

   • Click "Create" in the top-right corner
   • Select "Databases" from the dropdown

2. Choose datacenter region:

   • IMPORTANT: Select the same region as your droplet
   • This ensures optimal performance and lower latency

3. Select database engine:

   • Choose "MySQL" from the available options
   • MySQL is fully compatible with PasswordLab

4. Choose database configuration:

   • Basic: Most cost-effective for small teams
   • General Purpose: Balanced performance for medium workloads
   • CPU-Optimized: High-performance for large organizations
   • Memory-Optimized: For memory-intensive operations

5. Set cluster name:

   • Enter a descriptive name (e.g., "passwordlab-db")
   • This name will be used to identify your database cluster

6. Create the database cluster:

   • Click "Create Database Cluster"
   • Wait for deployment (typically 5-10 minutes)

Step 4: Configure Database Access

1. Create database user:

   • Go to the "Users & Databases" tab in your database cluster
   • Enter a username for PasswordLab (e.g., "passwordlab_user")
   • Click "Save" to create the user

2. Create database:

   • In the same tab, scroll to the "Databases" section
   • Enter database name (e.g., "passwordlab" or "plab")
   • Click "Save" to create the database

3. Secure database access:

   • Go to the "Overview" tab
   • Find the "Trusted Sources" section
   • Click "Edit"
   • Add your PasswordLab droplet to restrict database access
   • This creates a secure, private connection between droplet and database

Part 2: PasswordLab Configuration

Step 5: Access PasswordLab Web Interface

1. Navigate to your droplet:

   • Go to the Droplets page in DigitalOcean
   • Find your PasswordLab droplet

2. Access the setup interface:

   • Click the "Get started" icon in your droplet row
   • Click "Quick access to PasswordLab"
   • This opens the configuration page in a new tab

Step 6: Initial Configuration Wizard

Step 6.1: Accept Terms and Conditions

• Review and accept the PasswordLab terms and conditions
• Click "Accept" to proceed

Step 6.2: License Activation

• Enter your valid PasswordLab license key
• If you don't have a license, click "Buy a new license"
• Click "Activate License" to proceed

Step 6.3: Database Configuration

1. Get database connection details:

   • Return to DigitalOcean "Databases" page
   • Click on your database cluster
   • Go to "Overview" tab
   • In "Connection Details" section, select "VPC network" for secure private communication

2. Select user and database:

   • Choose the user you created earlier
   • Select the database you created for PasswordLab
   • This will display the correct connection parameters

3. Enter database details in PasswordLab:

   • Database Host: Copy from DigitalOcean (private network address)
   • Database Port: Usually 25060 for managed MySQL
   • Database Name: The database you created
   • Username: The user you created
   • Password: Auto-generated password from DigitalOcean
   • SSL Mode: Enable (recommended for security)

4. Test and save:

   • Click "Test Connection" to verify
   • Click "Next" to proceed

Step 6.4: SMTP Configuration

Configure email settings for notifications and 2FA:

• SMTP Server: Your email provider's SMTP server
• SMTP Port: 587 (TLS) or 465 (SSL)
• Username: Your email address
• Password: Your email password or app-specific password
• Encryption: TLS or SSL (match your port selection)
• From Address: Email address for outgoing notifications

Step 6.5: Administrator Account Creation

Create the main system administrator:

• Full Name: Administrator's full name
• Email Address: Admin email (must be accessible for OTP)
• Password: Strong password following security requirements
• Confirm Password: Re-enter password for verification

Step 6.6: Email Verification

• Check your email for the OTP (One-Time Password)
• Enter the OTP in the verification field
• Click "Verify" to confirm your email address

Step 6.7: Master Vault Setup

Critical Security Step: Master vault is protected by 5 master keys

1. Enter key holder emails:

   • Provide email addresses for 5 trusted individuals
   • Best Practice: Use 5 different email addresses for maximum security
   • For testing: You can use the same email for all 5 keys

2. Key distribution:

   • Each email will receive a unique master key piece
   • At least 3 key pieces are required to unlock the vault
   • Store key pieces securely and separately

3. Vault creation:

   • System generates the encrypted master vault
   • Creates secure key distribution
   • Initializes the database schema

Step 6.8: System Initialization

The system will automatically:

• Create all necessary database tables
• Initialize the encrypted vault structure
• Set up the administrator account
• Configure security parameters
• Prepare the system for first use

Step 7: Post-Configuration Steps

Step 7.1: Restart PasswordLab Service

1. SSH into your droplet:

       
   ssh root@your-droplet-ip
       
     

2. Restart the service:

       
   systemctl restart passwordlab
       
     

3. Verify service status:

   • Service should show as "active (running)"
   • If there are issues, check logs: journalctl -u passwordlab -f

Step 7.2: Optimize Droplet Resources

Since you're using a managed database, disable the local database service:

    
systemctl stop mariadb
systemctl disable mariadb
    
  

This frees up system resources for PasswordLab.

Step 8: Master Vault Activation

Step 8.1: Collect Master Keys

1. Check email inboxes of all 5 key holders
2. Collect at least 3 master key pieces
3. Keep keys secure and accessible

Step 8.2: Unlock Master Vault

1. Access PasswordLab in your browser
2. The system will prompt for master key pieces

3. Enter 3 or more key pieces in any order:

   • Copy and paste each key piece exactly
   • Click "Add Key" after each piece
   • System will confirm when sufficient keys are entered

4. Unlock vault:

   • Click "Unlock Vault"
   • System initializes and becomes fully operational

Step 9: First Login and Verification

Step 9.1: Administrator Login

1. Access the login page:

   • Navigate to http://your-droplet-ip:3000

2. Enter credentials:

   • Email: Administrator email address
   • Password: Administrator password

3. Complete 2FA:

   • Check email for 2FA code
   • Enter the code in the verification field

4. Access dashboard:

   • Successful login confirms proper installation
   • Begin user management and configuration

System Management

PasswordLab Service Commands

    
# Check service status
systemctl status passwordlab

# Start the service
systemctl start passwordlab

# Stop the service
systemctl stop passwordlab

# Restart the service
systemctl restart passwordlab

# View real-time logs
journalctl -u passwordlab -f
    
  

Monitoring and Maintenance

DigitalOcean Monitoring

1. Droplet Metrics:

   • CPU, Memory, Disk usage
   • Network traffic
   • Available in DigitalOcean dashboard

2. Database Metrics:

   • Connection counts
   • Query performance
   • Storage utilization

Troubleshooting

Common Issues

1. Cannot access PasswordLab web interface:

   • Check droplet firewall settings
   • Verify service status: systemctl status passwordlab
   • Check network connectivity

2. Database connection errors:

   • Verify VPC network configuration
   • Check database cluster status in DigitalOcean
   • Confirm security group settings

3. Email/SMTP issues:

   • Test SMTP settings separately
   • Check email provider security settings
   • Verify app-specific passwords if required

4. Master vault unlock issues:

   • Ensure at least 3 valid key pieces
   • Check for copy/paste errors in key pieces
   • Verify email delivery of original keys

You have successfully installed and configured PasswordLab on DigitalOcean with managed database infrastructure. This setup provides:

• Enterprise-grade security with cloud reliability
• Automated maintenance and backup management
• Scalable infrastructure that grows with your needs
• Professional support from both DigitalOcean and PasswordLab

The system is now ready for user onboarding and daily operations. Remember to maintain regular monitoring, keep your master keys secure, and follow security best practices for ongoing operations.