PasswordPusher

<div align="center">

Share passwords, text, files & URLs securely with self-deleting links and full audit logs.

</div>

---

v2.0 is released. If you already self-host, see the upgrade guide for migration notes and configuration changes.

---

What is Password Pusher?

Password Pusher is an open source web app for sharing sensitive information safely. You push a password, note, file, or URL; the recipient gets a one-time link that expires after a set number of views and/or time. No more sending secrets over chat or email—encrypted, auditable, and auto-self-destruct.

Use the hosted service or run your own instance with Docker in minutes.

---

Why Password Pusher?

| | | |---|---| | 🔒 Secure by default | Encrypted storage, optional passphrase, expiry by views and/or time. Sensitive data is removed entirely once expired. | | 📋 Full audit trail | See when links were created, viewed, and by whom (with logins). | | 🏠 Self-host or use hosted | Use pwpush.com or deploy your own—Docker, Kubernetes, Helm, or cloud. | | 🌐 Ready for teams | 31 languages, light/dark theme, JSON API, CLI, and many integrations. |

---

Features

Security & privacy

• Encrypted at rest — Sensitive data is stored encrypted and deleted when expired.
• Expiry controls — Limit by number of views and/or time; links can require a passphrase.
• Two-factor authentication — TOTP (authenticator apps) for user accounts, with optional backup codes.
• Audit logging — Track what was shared and who viewed it (with optional logins).
• Unbranded delivery page — No logos, superfluous text or unrelated links to confuse push recipients.

Self-host & customize

• One-command deploy — Docker Compose with automatic SSL/TLS
• Database or ephemeral — Use a database for persistence or run stateless.
• Admin dashboard — Manage your instance from a built-in admin UI.
• White-label — Custom theme, logo, site name, and 26 Bootswatch themes via env vars.
• Custom CSS — Add your own styles; light/dark follows system preference.

Integrations & API

• JSON API — Integrate with scripts, curl, wget, or third-party tools.
• CLI — Automate distribution with CLI tools and scripts.
• 31 languages — UI and secret-URL pages in 31 languages (courtesy of Translation.io).

Trust & community

• Open source — Apache 2.0; no black box. Written and maintained by myself and the team at Apnotic with the help of contributors.
• 14+ years in production — Used to deliver millions of secrets; actively maintained.
• Trusted worldwide — Used by thousands of companies around the globe.

---

Screenshots

| | | | |:---:|:---:|:---:| | Create a push | Audit log | Multi-language URLs |

| | | | |:---:|:---:|:---:| | Password generator | Dark theme | Optional preview step |

---

Editions

| | Open source (this repo) | Pro (pwpush.com) | |---|---|---| | Try it | oss.pwpush.com | pwpush.com | | Use case | Self-host or use OSS demo | Hosted Pro with extra features | | Details | Full source here; you deploy or use the OSS demo. | Pro features are periodically migrated to OSS. |

Feature comparison: pwpush.com/features#matrix

Self-Hosted Password Pusher Pro

Self-hosted Pro (with licensing) is now available. Pro features not yet in OSS will be available for self-hosted deployments.

---

Quick Start

Use the hosted service

No setup: pwpush.com — create a push and share the link.

Run your own instance with Docker Compose

1. Point a DNS record to your server (e.g. pwpush.example.com).
2. Clone this repo or download docker-compose.yml.
3. In docker-compose.yml, uncomment and set:
   • TLS_DOMAIN: 'pwpush.example.com' (for automatic Let’s Encrypt TLS).
   • Optionally set PWPUSH_MASTER_KEY (see comments in the file; generate at us.pwpush.com/generate_key).
4. Run:

docker compose up -d

Open https://pwpush.example.com. The Compose file includes persistent storage, health checks, and is suitable for production.

Note: If you didn't set TLS_DOMAIN visit the application on http://your-ip:5100

Cloud deploy & contributor setup

The repo includes ready-to-adapt configs for common platforms and local dev:

| File / path | Use | |-------------|-----| | app.json | Heroku-style deploy (env vars, postdeploy / db:prepare, process types). | | .do/deploy.template.yaml | DigitalOcean App Platform spec (web + job, secrets placeholders). | | render.yaml | Render Blueprint (web + Postgres, health /up; optional worker commented). | | fly.toml | Fly.io (fly launch — set app name; Dockerfile containers/docker/Dockerfile). | | railway.toml | Railway config-as-code (Dockerfile path; set secrets in dashboard). | | .devcontainer/ | VS Code / GitHub Codespaces: Ruby + Postgres, repo mounted at /workspace, bin/setup. |

Production image build: containers/docker/Dockerfile. Root docker-compose.yml uses the published image; .devcontainer/docker-compose.yml is for development with a mounted working tree.

Use the API, CLI, or integrations

See 3rd party tools & integrations for API usage, CLIs, and integrations.

---

Documentation

Full docs: docs.pwpush.com — installation, configuration, API, themes, and more.

---

Language translations

Translation.io has provided free translation tooling for the OSS version of Password Pusher. The app ships with 31 UI languages.

Consider Translation.io for your company or project’s translation needs.

---

Credits

Security researchers

• Kullai Metikala — GitHub | LinkedIn
• Positive Technologies
• Igniter — GitHub

Translators

| Name | Language | |------|----------| | Oyale | Catalan, Spanish | | Finn Skaaning | Danish | | Mihail Tchetchelnitski | Finnish | | Thibaut | French | | Thomas Wölk | German — GitHub, Twitter | | Martin Otto | German | | Robin Jørgensen | Norwegian | | Łukasz | Polish | | Jair Henrique, Fabrício Rodrigues, Ivan Freitas, Sara Faria | Portuguese (BR) | | Pedro Marques | European Portuguese | | johan323, Fredrik Arvas | Swedish |

Thanks also to [T