{"id":15109528,"url":"https://github.com/pglombardo/passwordpusher","last_synced_at":"2026-04-25T00:05:07.221Z","repository":{"id":2121452,"uuid":"3064003","full_name":"pglombardo/PasswordPusher","owner":"pglombardo","description":"🔐   Securely share sensitive information with automatic expiration \u0026 deletion after a set number of views or duration.  Track who, what and when with full audit logs.","archived":false,"fork":false,"pushed_at":"2026-03-10T03:01:39.000Z","size":74497,"stargazers_count":2897,"open_issues_count":139,"forks_count":430,"subscribers_count":25,"default_branch":"master","last_synced_at":"2026-03-10T10:50:36.785Z","etag":null,"topics":["communicate-passwords","docker-container","encryption","file-sharing","hacktoberfest","information-technology","msp","netsec","netsec-tools","password","password-expiration","password-pusher","password-safety","ruby","secret","security","security-tools","self-hosted","upload-file"],"latest_commit_sha":null,"homepage":"https://docs.pwpush.com","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pglombardo.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2011-12-28T17:35:19.000Z","updated_at":"2026-03-10T03:01:41.000Z","dependencies_parsed_at":"2023-01-16T18:30:51.364Z","dependency_job_id":"e6103073-cddd-44cc-a0c7-b917014c0b4a","html_url":"https://github.com/pglombardo/PasswordPusher","commit_stats":{"total_commits":2992,"total_committers":48,"mean_commits":"62.333333333333336","dds":0.5116978609625669,"last_synced_commit":"8c9d0287a4b3948ef31b67ea2497da8f844e711d"},"previous_names":[],"tags_count":394,"template":false,"template_full_name":null,"purl":"pkg:github/pglombardo/PasswordPusher","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pglombardo%2FPasswordPusher","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pglombardo%2FPasswordPusher/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pglombardo%2FPasswordPusher/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pglombardo%2FPasswordPusher/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pglombardo","download_url":"https://codeload.github.com/pglombardo/PasswordPusher/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pglombardo%2FPasswordPusher/sbom","scorecard":{"id":481140,"data":{"date":"2025-08-11","repo":{"name":"github.com/pglombardo/PasswordPusher","commit":"29b4b8f8346e584928cd6026f0d9c01d356d8962"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":5.2,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/6 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":0,"reason":"dangerous workflow patterns detected","details":["Warn: untrusted code checkout '${{ github.event_name == 'pull_request_target' \u0026\u0026 format('refs/pull/{0}/head', github.event.pull_request.number) || github.event_name == 'pull_request' \u0026\u0026 github.event.pull_request.head.sha || github.ref }}': .github/workflows/docker-containers.yml:134","Warn: untrusted code checkout '${{ github.event_name == 'pull_request_target' \u0026\u0026 format('refs/pull/{0}/head', github.event.pull_request.number) || github.event_name == 'pull_request' \u0026\u0026 github.event.pull_request.head.sha || github.ref }}': .github/workflows/docker-containers.yml:32","Warn: untrusted code checkout '${{ github.event_name == 'pull_request_target' \u0026\u0026 format('refs/pull/{0}/head', github.event.pull_request.number) || github.event_name == 'pull_request' \u0026\u0026 github.event.pull_request.head.sha || github.ref }}': .github/workflows/docker-containers.yml:83"],"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/brakeman.yml:26","Info: jobLevel 'actions' permission set to 'read': .github/workflows/brakeman.yml:28","Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-drafter.yml:14","Info: topLevel 'contents' permission set to 'read': .github/workflows/brakeman.yml:21","Warn: no topLevel permission defined: .github/workflows/dependabot-auto-merge.yml:1","Warn: no topLevel permission defined: .github/workflows/docker-containers.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/greetings.yml:6","Warn: no topLevel permission defined: .github/workflows/lint-helm.yaml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/release-drafter.yml:9","Warn: no topLevel permission defined: .github/workflows/ruby-tests.yml:1"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/brakeman.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/brakeman.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/brakeman.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/brakeman.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/brakeman.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/brakeman.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dependabot-auto-merge.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/dependabot-auto-merge.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-auto-merge.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/dependabot-auto-merge.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-containers.yml:135: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/docker-containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-containers.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/docker-containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-containers.yml:146: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/docker-containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-containers.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/docker-containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-containers.yml:163: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/docker-containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-containers.yml:169: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/docker-containers.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-containers.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/docker-containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-containers.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/docker-containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-containers.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/docker-containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-containers.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/docker-containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-containers.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/docker-containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-containers.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/docker-containers.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docker-containers.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/docker-containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-containers.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/docker-containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-containers.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/docker-containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-containers.yml:99: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/docker-containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-containers.yml:112: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/docker-containers.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/docker-containers.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/docker-containers.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/greetings.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/greetings.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-helm.yaml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/lint-helm.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-helm.yaml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/lint-helm.yaml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint-helm.yaml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/lint-helm.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-helm.yaml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/lint-helm.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint-helm.yaml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/lint-helm.yaml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-drafter.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/release-drafter.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-tests.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/ruby-tests.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/ruby-tests.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/ruby-tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-tests.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/ruby-tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-tests.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/ruby-tests.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ruby-tests.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/pglombardo/PasswordPusher/ruby-tests.yml/master?enable=pin","Warn: containerImage not pinned by hash: containers/docker/Dockerfile:5","Warn: containerImage not pinned by hash: containers/docker/Dockerfile:78: pin your Docker image by updating ruby:3.4.5-alpine to ruby:3.4.5-alpine@sha256:e284f39a2103a564dca9771a81bfecb455b04cd3be4149b133ed7e508ef1b65f","Warn: containerImage not pinned by hash: containers/docker/Dockerfile.public-gateway:1: pin your Docker image by updating pglombardo/pwpush:latest to pglombardo/pwpush:latest@sha256:18eb0bcf4b3cb3c77e1f9f61575676d4f05c37917309265db475ef48eda23b52","Warn: containerImage not pinned by hash: containers/docker/Dockerfile.worker:1: pin your Docker image by updating pglombardo/pwpush:latest to pglombardo/pwpush:latest@sha256:18eb0bcf4b3cb3c77e1f9f61575676d4f05c37917309265db475ef48eda23b52","Info:   0 out of  13 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  22 third-party GitHubAction dependencies pinned","Info:   0 out of   4 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/docker-containers.yml:78"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (24) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T16:39:47.951Z","repository_id":2121452,"created_at":"2025-08-19T16:39:47.951Z","updated_at":"2025-08-19T16:39:47.951Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30386973,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-11T14:10:17.325Z","status":"ssl_error","status_checked_at":"2026-03-11T14:09:37.934Z","response_time":84,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["communicate-passwords","docker-container","encryption","file-sharing","hacktoberfest","information-technology","msp","netsec","netsec-tools","password","password-expiration","password-pusher","password-safety","ruby","secret","security","security-tools","self-hosted","upload-file"],"created_at":"2024-09-25T23:02:50.595Z","updated_at":"2026-04-25T00:05:07.214Z","avatar_url":"https://github.com/pglombardo.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n[![Password Pusher](https://pwpush.fra1.cdn.digitaloceanspaces.com/branding/logos/horizontal-logo-small.png)](https://pwpush.com/)\n\n**Share passwords, text, files \u0026 URLs securely with self-deleting links and full audit logs.**\n\n[![Try it free](https://img.shields.io/badge/Try_it_free-pwpush.com-0ea5e9?style=for-the-badge)](https://pwpush.com)\n[![Documentation](https://img.shields.io/badge/Docs-docs.pwpush.com-64748b?style=for-the-badge)](https://docs.pwpush.com)\n\n[![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/pglombardo/PasswordPusher/ruby-tests.yml?branch=master)](https://github.com/pglombardo/PasswordPusher/actions/workflows/ruby-tests.yml)\n[![GitHub stars](https://img.shields.io/github/stars/pglombardo/PasswordPusher)](https://github.com/pglombardo/PasswordPusher)\n[![Docker pulls](https://img.shields.io/docker/pulls/pglombardo/pwpush)](https://hub.docker.com/r/pglombardo/pwpush)\n[![License](https://img.shields.io/github/license/pglombardo/PasswordPusher)](https://github.com/pglombardo/PasswordPusher/blob/master/LICENSE)\n\n\u003c/div\u003e\n\n---\n\n**v2.0 is released.** If you already self-host, see the **[upgrade guide](UPGRADE-2.0.md)** for migration notes and configuration changes.\n\n---\n\n## What is Password Pusher?\n\n**Password Pusher** is an open source web app for sharing sensitive information safely. You push a password, note, file, or URL; the recipient gets a one-time link that expires after a set number of views and/or time. No more sending secrets over chat or email—encrypted, auditable, and auto-self-destruct.\n\nUse the [hosted service](https://pwpush.com) or run your own instance with Docker in minutes.\n\n---\n\n## Why Password Pusher?\n\n| | |\n|---|---|\n| **🔒 Secure by default** | Encrypted storage, optional passphrase, expiry by views and/or time. Sensitive data is removed entirely once expired. |\n| **📋 Full audit trail** | See when links were created, viewed, and by whom (with logins). |\n| **🏠 Self-host or use hosted** | Use [pwpush.com](https://pwpush.com) or deploy your own—Docker, Kubernetes, Helm, or cloud. |\n| **🌐 Ready for teams** | 31 languages, light/dark theme, JSON API, CLI, and [many integrations](https://docs.pwpush.com/docs/3rd-party-tools/). |\n\n---\n\n## Features\n\n### Security \u0026 privacy\n\n- **Encrypted at rest** — Sensitive data is stored encrypted and deleted when expired.\n- **Expiry controls** — Limit by number of views and/or time; links can require a passphrase.\n- **Two-factor authentication (MFA)** — TOTP (authenticator apps) with backup codes; admins can require MFA instance-wide with `PWP__REQUIRE_MFA=true`.\n- **Audit logging** — Track what was shared and who viewed it (with optional logins).\n- **Unbranded delivery page** — No logos, superfluous text or unrelated links to confuse push recipients.\n\n### Self-host \u0026 customize\n\n- **One-command deploy** — Docker Compose with automatic SSL/TLS\n- **Database or ephemeral** — Use a database for persistence or run stateless.\n- **Admin dashboard** — Manage your instance from a built-in admin UI.\n- **White-label** — Custom theme, logo, site name, and [26 Bootswatch themes](https://docs.pwpush.com/docs/themes/) via env vars.\n- **Custom CSS** — Add your own styles; light/dark follows system preference.\n\n### Integrations \u0026 API\n\n- **JSON API v2** — Modern `/api/v2` endpoints for create/retrieve/audit/active/expired workflows.\n- **Legacy API compatibility** — Existing `/p`, `/f`, `/r` API routes (v1 style) remain available for backwards compatibility.\n- **CLI** — Automate distribution with [CLI tools](https://docs.pwpush.com/docs/3rd-party-tools/) and scripts.\n- **31 languages** — UI and secret-URL pages in 31 languages (courtesy of [Translation.io](https://translation.io/?utm_source=pwpush)).\n\n### Trust \u0026 community\n\n- **Open source** — Apache 2.0; no black box. Written and maintained by [myself](https://github.com/pglombardo) and the team at [Apnotic](https://apnotic.com) with the help of contributors.\n- **14+ years in production** — Used to deliver millions of secrets; [actively maintained](https://github.com/pglombardo/PasswordPusher/graphs/contributors).\n- **Trusted worldwide** — Used by thousands of companies around the globe.\n\n---\n\n## Screenshots\n\n| [![Front page](app/assets/images/features/front-page-thumb.png)](app/assets/images/features/front-page-large.png) | [![Audit log](app/assets/images/features/audit-log-thumb.png)](app/assets/images/features/audit-log-large.png) | [![Languages](app/assets/images/features/secret-url-languages-thumb.png)](app/assets/images/features/secret-url-languages-large.png) |\n|:---:|:---:|:---:|\n| **Create a push** | **Audit log** | **Multi-language URLs** |\n\n| [![Password generator](app/assets/images/features/password-generator-thumb.png)](app/assets/images/features/password-generator-large.png) | [![Dark theme](app/assets/images/features/dark-theme-thumb.png)](app/assets/images/features/dark-theme.gif) | [![Preliminary step](app/assets/images/features/preliminary-step-thumb.png)](app/assets/images/features/preliminary-step.gif) |\n|:---:|:---:|:---:|\n| **Password generator** | **Dark theme** | **Optional preview step** |\n\n---\n\n## Editions\n\n| | **Open source (this repo)** | **Pro (pwpush.com)** |\n|---|---|---|\n| **Try it** | [oss.pwpush.com](https://oss.pwpush.com) | [pwpush.com](https://pwpush.com) |\n| **Use case** | Self-host or use OSS demo | Hosted Pro with extra features |\n| **Details** | Full source here; you deploy or use the OSS demo. | Pro features are [periodically migrated](https://docs.pwpush.com/docs/editions/) to OSS. |\n\n**Feature comparison:** [pwpush.com/features#matrix](https://pwpush.com/features#matrix)\n\n### Self-Hosted Password Pusher Pro\n\nSelf-hosted **Pro** (with licensing) is now available. Pro features not yet in OSS will be available for self-hosted deployments.\n\n---\n\n## Quick Start\n\n### Use the hosted service\n\nNo setup: **[pwpush.com](https://pwpush.com)** — create a push and share the link.\n\n### Run your own instance with Docker Compose\n\n1. Point a DNS record to your server (e.g. `pwpush.example.com`).\n2. Clone this repo or download [docker-compose.yml](https://raw.githubusercontent.com/pglombardo/PasswordPusher/refs/heads/master/docker-compose.yml).\n3. In `docker-compose.yml`, uncomment and set:\n   - `TLS_DOMAIN: 'pwpush.example.com'` (for automatic Let’s Encrypt TLS).\n   - Optionally set `PWPUSH_MASTER_KEY` (see comments in the file; generate at [us.pwpush.com/generate_key](https://us.pwpush.com/generate_key)).\n4. Run:\n\n```bash\ndocker compose up -d\n```\n\nOpen `https://pwpush.example.com`. The Compose file includes persistent storage, health checks, and is suitable for production.\n\n_Note: If you didn't set `TLS_DOMAIN`, uncomment port 5100 and visit the application on http://your-ip:5100_\n\n### Cloud deploy \u0026 contributor setup\n\nThe repo includes ready-to-adapt configs for common platforms and local dev:\n\n| File / path | Use |\n|-------------|-----|\n| [app.json](app.json) | Heroku-style deploy (env vars, `postdeploy` / `db:prepare`, process types). |\n| [.do/deploy.template.yaml](.do/deploy.template.yaml) | [DigitalOcean App Platform](https://docs.digitalocean.com/products/app-platform/) spec (web + job, secrets placeholders). |\n| [render.yaml](render.yaml) | [Render](https://render.com/) Blueprint (web + Postgres, health `/up`; optional worker commented). |\n| [fly.toml](fly.toml) | [Fly.io](https://fly.io/) (`fly launch` — set `app` name; Dockerfile `containers/docker/Dockerfile`). |\n| [railway.toml](railway.toml) | [Railway](https://railway.com/) config-as-code (Dockerfile path; set secrets in dashboard). |\n| [.devcontainer/](.devcontainer/) | VS Code / GitHub Codespaces: Ruby + Postgres, repo mounted at `/workspace`, `bin/setup`. |\n\nProduction image build: [containers/docker/Dockerfile](containers/docker/Dockerfile). Root [docker-compose.yml](docker-compose.yml) uses the published image; [.devcontainer/docker-compose.yml](.devcontainer/docker-compose.yml) is for development with a mounted working tree.\n\n### Use the API, CLI, or integrations\n\nFor API usage, CLI tools, and integrations:\n\n- API v2 docs: [docs.pwpush.com/docs/api-v2](https://docs.pwpush.com/docs/api-v2/)\n- OSS API endpoint reference in-app: `/api/v2/version` and `/api/v2/pushes`\n- 3rd-party tools and CLI integrations: [docs.pwpush.com/docs/3rd-party-tools](https://docs.pwpush.com/docs/3rd-party-tools/)\n\nQuick API v2 smoke test:\n\n```bash\ncurl -s https://YOUR_HOST/api/v2/version\n```\n\n---\n\n## Documentation\n\nFull docs: **[docs.pwpush.com](https://docs.pwpush.com)** — installation, configuration, API, themes, and more.\n\n---\n\n## Language translations\n\n**[Translation.io](https://translation.io/?utm_source=pwpush)** has provided free translation tooling for the OSS version of Password Pusher. The app ships with **31 UI languages**.\n\n[![Translation.io](app/assets/images/partners/translation-io-banner.png)](https://translation.io/?utm_source=pwpush)\n\nConsider [Translation.io](https://translation.io/?utm_source=pwpush) for your company or project’s translation needs.\n\n---\n\n## Credits\n\n### Security researchers\n\n- **Kullai Metikala** — [GitHub](https://github.com/kullaisec) \\| [LinkedIn](https://www.linkedin.com/in/kullai-metikala-8378b122a/)\n- [Positive Technologies](https://global.ptsecurity.com)\n- **Igniter** — [GitHub](https://github.com/igniter07)\n\n### Translators\n\n| Name | Language |\n|------|----------|\n| [Oyale](https://github.com/oyale) | [Catalan](https://pwpush.com/ca), [Spanish](https://pwpush.com/es) |\n| Finn Skaaning | [Danish](https://pwpush.com/da/p/ny) |\n| [Mihail Tchetchelnitski](https://github.com/mtchetch) | [Finnish](https://pwpush.com/fi/p/uusi) |\n| [Thibaut](https://github.com/tibo59) | [French](https://pwpush.com/fr/p/Nouveau) |\n| Thomas Wölk | [German](https://pwpush.com/de/p/neu) — [GitHub](https://github.com/confluencepoint), [Twitter](https://twitter.com/confluencepoint) |\n| Martin Otto | [German](https://pwpush.com/de/p/neu) |\n| Robin Jørgensen | [Norwegian](https://pwpush.com/no/p/ny) |\n| [Łukasz](https://github.com/drpt) | [Polish](https://pwpush.com/pl/p/nowy) |\n| [Jair Henrique](https://github.com/jairhenrique/), [Fabrício Rodrigues](https://www.linkedin.com/in/ifabriciorodrigues/), [Ivan Freitas](https://github.com/IvanMFreitas), Sara Faria | [Portuguese (BR)](https://pwpush.com/pt-br/p/novo) |\n| Pedro Marques | [European Portuguese](https://pwpush.com/pt-pt/p/novo) |\n| johan323, Fredrik Arvas | [Swedish](https://pwpush.com/sv/p/ny) |\n\nThanks also to [Translation.io](https://translation.io) for managing translations (free for open source).\n\n### Containers \u0026 infrastructure\n\n- [@fiskhest](https://github.com/fiskhest) — [Kubernetes manifests](https://github.com/pglombardo/PasswordPusher/tree/master/containers/kubernetes)\n- [@sfarosu](https://github.com/sfarosu) — [Docker, Kubernetes \u0026 OpenShift support](https://github.com/pglombardo/PasswordPusher/pull/82)\n- [sirux88](https://github.com/sirux88) — Docker cleanup and multistage builds\n\n### Other\n\n- [@iandunn](https://github.com/iandunn) — Password form security\n- [Kasper Grubbe](https://github.com/kaspergrubbe) — [JSON POST fix](https://github.com/pglombardo/PasswordPusher/pull/3)\n- [JarvisAndPi](http://www.reddit.com/user/JarvisAndPi) — Favicon design\n\nMore: [Contributors](https://github.com/pglombardo/PasswordPusher/graphs/contributors)\n\n---\n\n## Stay updated\n\n- **Newsletter** — [Sign up](https://buttondown.email/pwpush?tag=github) for release notes, security updates, and tips.\n- **Social** — [X](https://x.com/pwpush), [Reddit](https://www.reddit.com/r/pwpush), [Facebook](https://www.facebook.com/pwpush)\n\n---\n\n## Donations\n\nDonations are **optional**. Password Pusher is and will remain open source and free to use.\n\nIf it’s useful to you and you’d like to support development, donations are greatly appreciated and go toward hosting, maintenance, testing, and new features.\n\n| [![Donate QR](https://pwpush.fra1.cdn.digitaloceanspaces.com/misc/pwpush-donate-stripe-qr-small.png)](https://buy.stripe.com/7sI4gCgTT1tr6WY3cd) | [**Donate via Stripe**](https://buy.stripe.com/7sI4gCgTT1tr6WY3cd) |\n|---|---|\n\nYou can also support the project with a [paid plan on pwpush.com](https://pwpush.com/pricing).\n\n**Note:** Password Pusher is operated by Apnotic, LLC. Donations support the project but are not tax-deductible charitable contributions. See [FAQ](https://docs.pwpush.com/docs/faq/) for more on [Apnotic](https://docs.pwpush.com/docs/faq/#what-is-apnotic) and [trust \u0026 security](https://docs.pwpush.com/docs/faq/#trust-is-a-concern--why-should-i-trust-and-use-password-pusher).\n\n---\n\n## Star history\n\n[![Star History Chart](https://api.star-history.com/svg?repos=pglombardo/PasswordPusher\u0026type=Date)](https://www.star-history.com/#pglombardo/PasswordPusher\u0026Date)\n\n---\n\n## License\n\nThis project is licensed under the **Apache License 2.0**. See [LICENSE](https://github.com/pglombardo/PasswordPusher/blob/master/LICENSE) for details.\n\n---\n\n## Citation\n\n```bibtex\n@misc{PasswordPusher,\n  author = {Peter Giacomo Lombardo},\n  title = {Password Pusher: Securely share sensitive information with automatic expiration and deletion. Track who, what and when with full audit logs.},\n  year = {2026},\n  publisher = {GitHub},\n  howpublished = {\\url{https://github.com/pglombardo/PasswordPusher}}\n}\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpglombardo%2Fpasswordpusher","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpglombardo%2Fpasswordpusher","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpglombardo%2Fpasswordpusher/lists"}