PasswordPusher

AI Summary: Password Pusher is an open-source web application designed for securely sharing sensitive information such as passwords, notes, files, and URLs via self-destructing links. Its notable features include encrypted storage, customizable expiry controls, comprehensive audit logging, and the ability to self-host or utilize a hosted service, making it suitable for individual users and teams. The tool supports multiple languages and offers integrations through a JSON API and command-line interface, enhancing its versatility in secure information sharing.

README

v2.0 is released. If you already self-host, see the upgrade guide for migration notes and configuration changes.

What is Password Pusher?

Password Pusher is an open source web app for sharing sensitive information safely. You push a password, note, file, or URL; the recipient gets a one-time link that expires after a set number of views and/or time. No more sending secrets over chat or email—encrypted, auditable, and auto-self-destruct.

Use the hosted service or run your own instance with Docker in minutes.

Why Password Pusher?

Features

Security & privacy

• Encrypted at rest — Sensitive data is stored encrypted and deleted when expired.
• Expiry controls — Limit by number of views and/or time; links can require a passphrase.
• Two-factor authentication — TOTP (authenticator apps) for user accounts, with optional backup codes.
• Audit logging — Track what was shared and who viewed it (with optional logins).
• Unbranded delivery page — No logos, superfluous text or unrelated links to confuse push recipients.

Self-host & customize

• One-command deploy — Docker Compose with automatic SSL/TLS
• Database or ephemeral — Use a database for persistence or run stateless.
• Admin dashboard — Manage your instance from a built-in admin UI.
• White-label — Custom theme, logo, site name, and 26 Bootswatch themes via env vars.
• Custom CSS — Add your own styles; light/dark follows system preference.

Integrations & API

• JSON API — Integrate with scripts, curl, wget, or third-party tools.
• CLI — Automate distribution with CLI tools and scripts.
• 31 languages — UI and secret-URL pages in 31 languages (courtesy of Translation.io).

Trust & community

• Open source — Apache 2.0; no black box. Written and maintained by myself and the team at Apnotic with the help of contributors.
• 14+ years in production — Used to deliver millions of secrets; actively maintained.
• Trusted worldwide — Used by thousands of companies around the globe.

Screenshots

Create a push	Audit log	Multi-language URLs

Password generator	Dark theme	Optional preview step

Editions

Feature comparison: pwpush.com/features#matrix

Self-Hosted Password Pusher Pro

Self-hosted Pro (with licensing) is now available. Pro features not yet in OSS will be available for self-hosted deployments.

Quick Start

Use the hosted service

No setup: pwpush.com — create a push and share the link.

Run your own instance with Docker Compose

1. Point a DNS record to your server (e.g. pwpush.example.com).
2. Clone this repo or download docker-compose.yml.
3. In docker-compose.yml, uncomment and set:
   • TLS_DOMAIN: 'pwpush.example.com' (for automatic Let’s Encrypt TLS).
   • Optionally set PWPUSH_MASTER_KEY (see comments in the file; generate at us.pwpush.com/generate_key).
4. Run:

docker compose up -d

Open https://pwpush.example.com. The Compose file includes persistent storage, health checks, and is suitable for production.

Note: If you didn’t set TLS_DOMAIN visit the application on http://your-ip:5100

Cloud deploy & contributor setup

The repo includes ready-to-adapt configs for common platforms and local dev:

Production image build: containers/docker/Dockerfile. Root docker-compose.yml uses the published image; .devcontainer/docker-compose.yml is for development with a mounted working tree.

Use the API, CLI, or integrations

See 3rd party tools & integrations for API usage, CLIs, and integrations.

Documentation

Full docs: docs.pwpush.com — installation, configuration, API, themes, and more.

Language translations

Translation.io has provided free translation tooling for the OSS version of Password Pusher. The app ships with 31 UI languages.

Consider Translation.io for your company or project’s translation needs.

Credits

Security researchers

• Kullai Metikala — GitHub | LinkedIn
• Positive Technologies
• Igniter — GitHub

Translators

Thanks also to Translation.io for managing translations (free for open source).

Containers & infrastructure

• @fiskhest — Kubernetes manifests
• @sfarosu — Docker, Kubernetes & OpenShift support
• sirux88 — Docker cleanup and multistage builds

Other

• @iandunn — Password form security
• Kasper Grubbe — JSON POST fix
• JarvisAndPi — Favicon design

More: Contributors

Stay updated

• Newsletter — Sign up for release notes, security updates, and tips.
• Social — X, Reddit, Facebook

Donations

Donations are optional. Password Pusher is and will remain open source and free to use.

If it’s useful to you and you’d like to support development, donations are greatly appreciated and go toward hosting, maintenance, testing, and new features.

	Donate via Stripe

You can also support the project with a paid plan on pwpush.com.

Note: Password Pusher is operated by Apnotic, LLC. Donations support the project but are not tax-deductible charitable contributions. See FAQ for more on Apnotic and trust & security.

Star history

License

This project is licensed under the Apache License 2.0. See LICENSE for details.

Citation

@misc{PasswordPusher,
  author = {Peter Giacomo Lombardo},
  title = {Password Pusher: Securely share sensitive information with automatic expiration and deletion. Track who, what and when with full audit logs.},
  year = {2026},
  publisher = {GitHub},
  howpublished = {\url{https://github.com/pglombardo/PasswordPusher}}
}