Enabling Client-side encryption

danger

Client-side encryption mode is fundamental; it cannot be enabled or disabled in an already running Passwork (this will result in your inability to open data).

Client-side encryption must be activated immediately after installing Passwork, before completing the Setup Wizard in the web interface. If at least one user is already registered in the system, Passwork will operate in server-side encryption mode, and the option to enable client-side encryption will become unavailable.

Docker

The standard Docker installation script includes an argument that allows automatic enabling of client-side encryption mode.

Example of running the script with client-side encryption enabled:

shell

./passwork_compose_install.sh -cse

Linux

The Passwork retrieval script includes an argument that allows automatic enabling of client-side encryption mode.

Example of running the script with client-side encryption enabled:

shell

./passwork.sh -cse

Windows Server

Create an additional configuration file .env.local in the root directory of Passwork (example: C:\inetpub\wwwroot\passwork) and add the following line to enable client-side encryption:

.env.local

IS_CLIENT_SIDE_ENCRYPTION_ENABLED=1