Your first step toward security isn't firewalls or fancy detection systems - it's knowing what you own.
In an earlier article, we introduced the NIST Cybersecurity Framework - one of the most widely adopted standards for structuring an organization's security posture. We also explored how a curated set of open-source and free tools, chosen for their ease of installation and real-world usefulness, can be mapped to the five NIST functions: Identify, Protect, Detect, Respond, and Recover.
In this article, we're jumping into one of the tools from that stack: Snipe-IT. It's a free, open-source asset management tool that helps you catalog your organization's assets such as laptops, phones, routers, licenses, cloud accounts, and more. In this guide, we'll walk you through setting it up locally and adding your first real-world assets - all mapped to the Identify function of the NIST Cybersecurity Framework.
Here is a comprehensive summary of Snipe-IT that covers everything you asked for:
Snipe-IT runs best on Linux. If you're on Windows, don't worry - you can still use it by running it inside WSL (Windows Subsystem for Linux). There are two main ways to install it: the traditional Linux setup, or the Docker route. We're going with Docker, because it's usually the easiest option - no messing around with PHP versions, database drivers, or other system dependencies. Just spin it up and you're good to go. In our case, we'll be using WSL Ubuntu to install Snipe-IT.
Docker installation is fairly straightforward, and the Snipe-IT documentation covers it well - with a few small gotchas that we'll point out as we go along.
To stay focused on the Snipe-IT setup itself, we'll assume you already have WSL and the Docker Engine installed and running. If not, you can refer to the links in the Reference section to get those set up first.
From your WSL Ubuntu terminal, create the following directory under /opt, and then navigate into it.
sudo mkdir -p /opt/snipeit
sudo chown $USER:$USER /opt/snipeit
cd /opt/snipeitsudo mkdir -p ensures the full path is created
chown gives your user permission to manage it without sudo every time
.env fileSnipe-IT provides a docker-compose.yml file and a sample .env file to help you complete the Docker-based setup. The docker-compose.yml defines two key services: one for the application and one for the database. It also specifies named volumes for persisting data, so your database and uploaded files aren't lost when containers are restarted.
From your WSL terminal, navigate to the /opt/snipeit directory and then run the following command to download the official docker-compose.yml file for Snipe-IT:
cd /opt/snipeit
curl https://raw.githubusercontent.com/snipe/snipe-it/master/docker-compose.yml --output docker-compose.ymlThis command downloads the file from the official Snipe-IT GitHub repo and saves it locally as docker-compose.yml.
Next, download the .env file, which contains all the necessary configuration settings for setting up the database, email notifications, and other environment-specific options:
curl https://raw.githubusercontent.com/snipe/snipe-it/master/.env.docker --output .envThis command saves the default example environment file as .env, which Snipe-IT will read when starting up.
To verify that both the docker-compose.yml and .env files have been downloaded correctly, run the following command:
ls -aThe -a flag ensures that even hidden files like .env are shown in the output.
You should see something like this:
-rw-r--r-- 1 username username 858 Apr 13 13:32 docker-compose.yml
-rw-r--r-- 1 username username 2150 Apr 13 16:39 .env(The exact file sizes and timestamps may differ depending on when you downloaded them.)
.env fileIf you look at the docker-compose.yml file, you'll notice several placeholders like ${APP_VERSION:-latest}, ${DB_DATABASE}, and others. These are environment variables, and their actual values are provided in the .env file.
Before you can successfully run the docker-compose.yml, it's important to configure the .env file with the correct values.
To do this, open the .env file in any text editor (for example, using nano):
nano .envThen, update the following key parameters as shown below, and save the file when you're done:
APP_VERSION=v8.0.4 # Stable release at the time of writing
APP_KEY= # Leave this empty for now - we'll generate it in the next step
DB_DATABASE=snipeit
DB_USERNAME=snipeit
DB_PASSWORD=<setstrongpassword>
MYSQL_ROOT_PASSWORD=<setstrongpassword>Replace <setstrongpassword> with secure passwords of your choice.
APP_VERSION= v8.0.4 #stable release at time of writing.
APP_KEY= #Leave it empty for now
DB_DATABASE=snipeit
DB_USERNAME=snipeit
DB_PASSWORD=<setstrongpassword>
MYSQL_ROOT_PASSWORD=<setstrongpassword>Why APP_KEY matters?
APP_KEY is a critical setting required by Laravel, the framework that Snipe-IT is built on. It acts as the encryption backbone for the application. It's required for securely encrypting session data, cookies, tokens, etc. Snipe-IT won't run without a valid APP_KEY. You should generate it once per deployment.
⚠️ Do not change it after setup, or you may break access to encrypted data (e.g., login sessions)
We'll generate the key in the next step using a built-in Laravel command.
APP_KEYFrom the Snipe-IT installation directory (/opt/snipeit), run the following command to generate a secure application key:
docker compose run --rm app php artisan key:generate --showThis will output something like:
base64:3FhrbiZx3k1DjLo3n9WhzC9kAZNHdD0eOC/cCqKYLMY=📝 Copy the entire key exactly as it appears.
Now, open the .env file again using your text editor:
nano .envFind the APP_KEY line and update it with the value you just copied:
APP_KEY=base64:3FhrbiZx3k1DjLo3n9WhzC9kAZNHdD0eOC/cCqKYLMY=Save and exit the file.
Now that your .env file is configured and the APP_KEY is set, you can start the Snipe-IT application by running:
docker compose up -dThis command will start both the app and database containers in detached mode (i.e., in the background).
🔄 Important (WSL Users): Restart WSL
Based on experience, if you're using WSL, it's a good idea to restart WSL after the containers have been successfully set up. This ensures Docker networking behaves correctly - especially if you encounter issues accessing localhost. You can restart WSL by running:
wsl --shutdownThen reopen your WSL terminal.
❗ When you restart WSL, all running Docker containers are stopped. You'll need to start them again manually. Run the following command to bring the containers back up:
docker compose up -dOnce the containers are running, open your browser and visit: http://localhost:8000
📌 Port 8000 corresponds to the APP_PORT=8000 setting in your .env file. If you've changed this, update the URL accordingly.
You'll now be guided through the Snipe-IT setup wizard to:
When you log in using the admin account created during the setup, you'll be greeted with the Snipe-IT dashboard. It provides a high-level overview of your assets, licenses, accessories, consumables, and more - all easily accessible from the sidebar.
You can start adding new records using the "Create New" button at the top right, or explore sections like Assets, People, and Settings from the left-hand menu.
snipe-IT home page
With that, you've successfully completed the full setup of Snipe-IT using Docker on a WSL-based Ubuntu environment. We covered:
/opt/snipeitdocker-compose.yml and .env filesAPP_KEYThis approach offers a clean, repeatable way to deploy Snipe-IT locally or as a starting point for production rollout. Docker takes care of dependencies, and the environment stays portable and maintainable.
🧠 Pro Tip: Once you're comfortable with the basics, you can explore extending the setup with HTTPS (via Nginx reverse proxy), automated backups, email alerts, LDAP integration, and more.
Snipe-IT is your first layer of clarity. Next, we'll explore how to move from knowing what you own to knowing what's vulnerable with a fast, open-source scanner: Nuclei.
To get notified when we publish next articles in this series and many more interested articles from the world of software development, cybersecurity, and open-source, subscribe to our newsletter below 👇