Enabling Client-side Encryption
Client-side encryption mode is fundamental; it cannot be enabled or disabled in an already running Passwork (this will result in being unable to open data).
Client-side encryption must be activated immediately after installing Passwork, before completing the Setup Wizard in the web interface. If at least one user is already registered in the system, Passwork will operate in server-side encryption mode, and the option to enable client-side encryption will become unavailable.
Docker
The standard Docker installation script includes an argument that allows enabling client-side encryption mode automatically.
Example of running the script with client-side encryption enabled:
- shell
./passwork_compose_install.sh -cse
Linux
The Passwork acquisition script includes an argument that allows enabling client-side encryption mode automatically.
Example of running the script with client-side encryption enabled:
- shell
./passwork.sh -cse
Windows Server
Create an additional configuration file .env.local in the root directory of Passwork (example: C:\inetpub\wwwroot\passwork) and add the following line to enable client-side encryption:
- .env.local
IS_CLIENT_SIDE_ENCRYPTION_ENABLED=1