From 6f12bf9af751f084a7dcc88e8a8dc4c870d493d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20Kr=C3=BCger?= <valknar@pivoine.art>
Date: Tue, 9 Jun 2026 21:24:51 +0200
Subject: [PATCH] fix(passbolt): disable metadata encryption for new instance
 setup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Passbolt 5.x's isNotCreatedInTheFutureRule has zero tolerance for
clock skew — even 1 second between browser and server causes the
metadata key creation to fail during first setup. Disabling the
automatic metadata setup for new instances allows the browser
extension to complete account setup successfully.

Encrypted metadata can be enabled from the admin panel post-setup.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 passbolt/compose.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/passbolt/compose.yml b/passbolt/compose.yml
index d950001..7a0da8c 100644
--- a/passbolt/compose.yml
+++ b/passbolt/compose.yml
@@ -7,6 +7,7 @@ services:
       PASSBOLT_SSL_FORCE: "false"
       TZ: ${TIMEZONE:-Europe/Amsterdam}
       PASSBOLT_REGISTRATION_PUBLIC: "false"
+      PASSBOLT_PLUGINS_METADATA_ENABLE_FOR_NEW_INSTANCES: "false"
       DATASOURCES_DEFAULT_HOST: passbolt_db
       DATASOURCES_DEFAULT_PORT: "5432"
       DATASOURCES_DEFAULT_DATABASE: passbolt