Mobile applications
Passwork has an official mobile client — Passwork Self-hosted.
It has the main features available in the desktop version of Passwork. With it you can access and manage your vaults, folders and passwords, and use other functions. Passwork Self-hosted is available on App Store and Google Play, or you can scan a QR-code below:
To find out how to connect and start using the apps, see our detailed manuals for Passwork Self-hosted and Passwork 2FA
The app connects directly to your Passwork server using an API, so you need to enable Passwork API first.
To ensure the security of your data, the app always uses HTTPS and checks the validity of the SSL certificate on your server.
Therefore, for the application to work correctly, you need to make sure that:
- Your Passwork server is configured to work via HTTPS
- API is enabled for your account (an administrator can restrict API usage for specific users)
For authorization purposes, Passwork generates a special QR code that contains your Passwork host information and your API key. To authorize a device:
- Log in to your Passwork account
- Click Authorize mobile app in the Settings and Users menu
- Enter your password (and master password if the option is enabled)
- Open the Passwork app and scan the QR code from the pop-up window
- If the authorization is successful, you will be able to start using the app
If you get a connection error upon authorization, then check if:
- API is enabled for your Passwork account
- Your device is able to connect to the server
- You have a valid SSL certificate
Passwork Self-hosted does not use 2FA, as you authorize the device through the desktop version of Passwork. Once the device is linked, you access the app with a PIN-code or biometric data stored on the phone.
You can secure Passwork itself with 2FA using the official Passwork 2FA app or a third-party service like Google Authenticator or Microsoft Authenticator.
Passwork Self-hosted checks the validity of an SSL certificate when connecting to your server. For the cetificate to be validated:
- It must be issued by the root certificate authority
- It must be issued for your server name or DNS record
- It should not be expired
You can get a valid certificate in the following ways:
- Purchase one from any certificate authority
We do not recommend using self-signed certificates, as they increase the risk of security breaches and make automatic validation harder
If you use a self-signed SSL certificate on your Passwork server, you have to add it to the trusted ones on your device.
To install a self-signed certificate on iOS:
- Issue a self-signed public root certificate
- Use that root certificate to issue an SSL certificate for your host
- If you used a self-signed certificate without a root certificate, replace it with a new one as described in step 2
- Export the root certificate in .crt format and transfer it to your iOS device
- Find the .crt file on your iOS device, and the system will ask you to install it automatically
- Go to General -> About -> Certificate Trust Settings and toggle Enable Full Trust for Root Certificates on
To install a self-signed certificate on Android:
- Issue a self-signed public root certificate
- Use that root certificate to issue an SSL certificate for your host
- If you used a self-signed certificate without a root certificate, replace it with a new one as described in step 2
- Export the root certificate in .crt format and transfer it to your Android device
- Find the .crt file on your device and open it. To install, you will have to unlock the phone and enter a name for the certificate.
You may use VPN to access Passwork without a direct connection to the server. This goes for mobile devices as well, where you can set it up through iOS and Android system tools or through any mobile VPN-client. For it to work, your Passwork server should be configured to work over HTTPS and the devices should connect using the server name or the CN value from the certificate. You will also need to install a public root certificate file to your mobile device as described in the section above.
