PasswordLab Installation Guide for Vultr Marketplace

Overview

This comprehensive guide will walk you through installing PasswordLab from the Vultr marketplace. Vultr's marketplace deployment provides a streamlined installation process with pre-configured database settings, making it one of the fastest ways to deploy PasswordLab in a production environment.

Prerequisites

Before beginning the installation, ensure you have the following:

Required Accounts & Information

• Vultr Account: Active account with billing information and payment method
• Valid PasswordLab License: Purchase from the official website
• SMTP Configuration: Email server details for notifications and 2FA
  • SMTP server address and port
  • Email credentials (username/password)
  • Encryption method (TLS/SSL)

Recommended Preparation

• SSH key pair (optional but recommended for secure access)
• Database name and username preferences
• List of 5 trusted individuals for master key distribution

Part 1: Vultr Server Deployment

Step 1: Access Vultr Cloud Compute

• Log in to your Vultr account
• Navigate to Cloud Compute:
  • You'll land on the Cloud Compute dashboard
  • This is the main server management interface

Step 2: Deploy New Server

• Start server deployment:

  • Click the "Deploy Server" button in the center of the page, OR
  • Click the blue "Deploy" button in the top-right corner

• Choose Compute Type:

  • Shared CPU: Most cost-effective option for small to medium deployments
  • Dedicated CPU: Better performance for larger organizations
  • High-Performance: For maximum performance requirements
  • Recommended: Start with Shared CPU for most use cases

Step 3: Server Configuration

Location Selection

• Choose server location:
  • Select a region closest to your primary users
  • Consider data residency requirements for compliance
  • Popular choices:
    • North America: New York, Chicago, Dallas
    • Europe: London, Frankfurt, Amsterdam
    • Asia-Pacific: Tokyo, Sydney, Singapore

Image Selection

• Navigate to Marketplace Apps:
  • Click on the "Marketplace Apps" tab
  • Search for "PasswordLab"
  • Click on the PasswordLab marketplace image

Server Size Selection

• Choose compute resources:
  • Minimum: 1GB RAM, 1 vCPU (suitable for small teams)
  • Recommended: 2GB RAM, 1 vCPU (better performance)
  • Enterprise: 4GB+ RAM for large organizations
  • Note: PasswordLab works efficiently even on the smallest server sizes

Database Configuration

Unique Vultr Feature: Pre-configure database credentials during deployment

• Database Name: Enter your preferred database name

  • Example: passwordlab, plab_prod, company_vault
  • Use alphanumeric characters and underscores only

• Database Username: Enter your preferred database username

  • Example: plab_user, vault_admin, db_user
  • Avoid using root or common usernames for security

Important: These credentials will be automatically configured during installation and displayed in the Vultr dashboard.

SSH Key Configuration (Optional but Recommended)

• Upload SSH Public Key:
  • Select your pre-uploaded SSH key for passwordless access
  • Benefits: More secure than password authentication
  • Alternative: Skip this step to receive root password via email

Server Identification

• Set Hostname:
  • Enter a descriptive name (e.g., "passwordlab-prod", "vault-server")
  • This helps identify the server in your Vultr dashboard

Step 4: Deploy Server

• Final deployment:

  • Review all configuration settings
  • Click the big blue "Deploy Now" button
  • Vultr begins automated installation process

• Wait for completion:

  • Initial deployment: ~2-3 minutes
  • Full installation: ~5 minutes total
  • Monitor progress in the Vultr dashboard

Part 2: Installation Verification

Step 5: Access Server Details

• Navigate to server:

  • Click on your server name in the Vultr dashboard
  • Access the server details page

• Check installation status:

  • Warning message visible: Installation may still be in progress
  • Warning after 5+ minutes: Safe to proceed (installation complete)
  • No warning: Installation definitely complete

Step 6: Verify Database Credentials

In the Vultr server dashboard, locate the database credentials:

• Database Name: As configured during deployment
• Database Username: As configured during deployment
• Database Password: Auto-generated secure password
• Database Root Password: Auto-generated for administrative access

Important: Note these credentials as they'll be required for PasswordLab configuration.

Part 3: PasswordLab Configuration

Step 7: Access PasswordLab Web Interface

• Get server IP address:

  • Find the server IP in the Vultr dashboard
  • URL format: http://YOUR-SERVER-IP:3000

• Open configuration page:

  • Navigate to the URL in your web browser
  • If you see the PasswordLab configuration page, installation is complete
  • If not loading: Wait an additional 5 minutes for full initialization

Step 8: Initial Configuration Wizard

Step 8.1: Accept Terms and Conditions

• Review the PasswordLab terms and conditions
• Click "Accept" to proceed with configuration

Step 8.2: License Activation

• Enter your valid PasswordLab license key
• Click "Activate License" to validate and proceed
• If no license: Click "Buy a new license" to purchase

Step 8.3: Database Configuration

Use the credentials from your Vultr dashboard:

• Database Host: localhost (database is on the same server)
• Database Port: 3306 (default MySQL/MariaDB port)
• Database Name: [From Vultr dashboard]
• Database Username: [From Vultr dashboard]
• Database Password: [From Vultr dashboard]

Configuration steps:

• Copy credentials exactly from Vultr dashboard
• Enter them in the PasswordLab configuration form
• Click "Test Connection" to verify
• Click "Next" to proceed

Step 8.4: SMTP Configuration

Configure email settings for notifications and 2FA codes:

• SMTP Server: Your email provider's SMTP server
• SMTP Port: 587 (TLS) or 465 (SSL)
• Username: Your email address
• Password: Your email password or app-specific password
• Encryption: TLS or SSL (match your port selection)
• From Address: Email address for outgoing notifications

Step 8.5: Administrator Account Creation

Create the primary system administrator account:

• Full Name: Administrator's full name
• Email Address: Admin email (must be accessible for OTP verification)
• Password: Strong password meeting security requirements
• Confirm Password: Re-enter password for verification

Password Requirements:

• Minimum 8 characters
• Mix of uppercase and lowercase letters
• At least one number
• At least one special character

Step 8.6: Email Verification

• Check your email for the OTP (One-Time Password)
• Enter the OTP in the verification field
• Click "Verify" to confirm your email address
• Resend if needed: Click "Resend OTP" if not received

Step 8.7: Master Vault Setup

Critical Security Configuration: This step creates the master vault protected by Shamir's Secret Sharing

• Master Key Distribution:

  • Enter email addresses for 5 trusted individuals
  • These will receive the master key pieces
  • Best Practice: Use 5 different email addresses
  • For testing: Same email can be used for all 5 pieces

• Key Piece Recipients:

  • Choose individuals who:
    • Are trustworthy and reliable
    • Will be available when vault access is needed
    • Understand the importance of key security
    • Are geographically distributed (recommended)

• Vault Creation Process:

  • System generates the master vault
  • Creates 5 mathematical key pieces using Shamir's Secret Sharing
  • Distributes key pieces via email
  • Requires 3 out of 5 pieces to unlock vault

Step 8.8: System Initialization

The system automatically performs:

• Database schema creation
• Master vault initialization
• Administrator account setup
• Security configuration
• Service configuration

Wait for completion - this process typically takes 1-2 minutes.

Part 4: Post-Installation Setup

Step 9: Service Management

Restart PasswordLab Service

After configuration completion, restart the service to apply settings:

• SSH into your server:

      
  ssh root@your-server-ip
      
    

• Restart the PasswordLab service:

      
  systemctl restart passwordlab
      
    

• Verify service status:

      
  systemctl status passwordlab
      
    

  • Should show "active (running)"
  • If issues occur, check logs: journalctl -u passwordlab -f

Service Management Commands

    
# Start the service
systemctl start passwordlab

# Stop the service
systemctl stop passwordlab

# Restart the service
systemctl restart passwordlab

# Check service status
systemctl status passwordlab

# Enable auto-start on boot
systemctl enable passwordlab  
    
  

Step 10: Master Vault Activation

Collect Master Key Pieces

• Check email inboxes of all 5 key holders
• Collect at least 3 master key pieces
• Verify key piece integrity - each should be a long alphanumeric string

Unlock the Master Vault

• Access PasswordLab:

  • Navigate to http://your-server-ip:3000
  • System will prompt for master key pieces

• Enter key pieces:

  • Minimum required: 3 out of 5 pieces
  • Enter pieces in any order
  • Copy and paste each piece exactly
  • Click "Add Key" after each piece

• Unlock vault:

  • Click "Unlock Vault" when 3+ pieces are entered
  • System validates pieces and unlocks vault
  • Vault becomes operational for users

Step 11: First Login Verification

Administrator Login Test

• Access login page:

  • Go to http://your-server-ip:3000

• Enter credentials:

  • Email: Administrator email address
  • Password: Administrator password

• Complete 2FA:

  • Check email for 2FA verification code
  • Enter code in verification field
  • Click "Verify"

• Access dashboard:

  • Successful login confirms proper installation
  • Begin user management and configuration

Part 5: System Management

Security Configuration

Firewall Settings

The installation automatically configures UFW firewall with:

• SSH (22): Secure server access
• HTTP (80): Web traffic (for SSL redirects)
• HTTPS (443): Secure web traffic
• PasswordLab (3000): Application access

Additional Security Recommendations

• SSL/TLS Certificate:

  • Configure Let's Encrypt for free SSL certificates
  • Or use a commercial SSL certificate
  • Redirect HTTP traffic to HTTPS

• SSH Security:

  • Disable password authentication (use SSH keys only)
  • Change default SSH port if required
  • Configure fail2ban for brute force protection

• System Updates:

  • Enable automatic security updates
  • Regularly update system packages
  • Monitor for PasswordLab software updates

Database Management

Database Access

    
# Access as PasswordLab user
mysql -u [your-db-username] -p [your-db-name]

# Access as root user
mysql -u root -p

# View database credentials
cat /root/database.txt
    
  

Database Maintenance

• Backups: Implement regular automated backups
• Monitoring: Monitor database performance and growth
• Optimization: Regular database optimization and maintenance

Monitoring and Maintenance

System Monitoring

    
# Check system resources
htop
df -h
free -h

# Monitor PasswordLab logs
journalctl -u passwordlab -f

# Check system logs
tail -f /var/log/syslog
    
  

Performance Optimization

• Resource Monitoring:

  • Monitor CPU, memory, and disk usage
  • Scale server resources as needed
  • Optimize database queries if performance issues arise

• Regular Maintenance:

  • Weekly log review
  • Monthly system updates
  • Quarterly security audits

Troubleshooting

Common Issues

Issue 1: PasswordLab Not Accessible

Symptoms: Cannot access web interface on port 3000 Solutions:

    
# Check service status
systemctl status passwordlab

# Check firewall rules
ufw status

# Check if port is listening
netstat -tlnp | grep 3000

# Restart service
systemctl restart passwordlab
    
  

Issue 2: Database Connection Errors

Symptoms: Database connection failures during configuration Solutions:

    
# Verify database service
systemctl status mariadb

# Test database connection
mysql -u [username] -p [database-name]

# Check database credentials
cat /root/database.txt

# Restart database service
systemctl restart mariadb
    
  

Issue 3: Email/SMTP Issues

Symptoms: 2FA codes not being sent Solutions:

• Verify SMTP credentials and settings
• Check email provider security settings
• Test SMTP connection separately
• Ensure app-specific passwords are used if required

Issue 4: Master Vault Unlock Problems

Symptoms: Cannot unlock vault with key pieces Solutions:

• Verify at least 3 valid key pieces
• Check for copy/paste errors in key pieces
• Ensure key pieces are from the same vault creation
• Contact key holders to verify key piece integrity

Log Analysis

Application Logs

    
# Real-time PasswordLab logs
journalctl -u passwordlab -f

# Recent PasswordLab logs
journalctl -u passwordlab --since "1 hour ago"

# Error-only logs
journalctl -u passwordlab -p err
    
  

System Logs

    
# System messages
tail -f /var/log/syslog

# Authentication logs
tail -f /var/log/auth.log

# Database logs
tail -f /var/log/mysql/error.log
    
  

You have successfully deployed PasswordLab on Vultr marketplace with:

• Rapid deployment: Marketplace integration for quick setup
• Pre-configured database: Automatic database setup with secure credentials
• Scalable infrastructure: Easy resource scaling as your organization grows
• Enterprise security: Shamir's Secret Sharing for master key protection
• Professional support: Access to both Vultr and PasswordLab support teams

The system is now ready for:

• User onboarding and management
• Password and secret storage
• Team collaboration and sharing
• Enterprise-grade security operations

Your PasswordLab installation on Vultr provides a robust, scalable, and secure foundation for your organization's password management needs.