pglombardo / PasswordPusher

๐Ÿ” An application to securely communicate passwords over the web. Passwords automatically expire after a certain number of views and/or time has passed. Track who, what and when.

Home Page:https://pwpush.com

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Password Pusher Front Page

Simple & Secure Password Sharing with Auto-Expiration of Shared Items

GitHub Workflow Status (with event) Dependencies Status Semantic Versions License


Give your users the tools to be secure by default.

Password Pusher is an open source application to communicate passwords over the web. Links to passwords expire after a certain number of views and/or time has passed.

Hosted at pwpush.com but you can also easily run your own private instance with just a few steps.

  • Easy-to-install: Host your own via Docker, a cloud service or just use pwpush.com
  • Open Source: No blackbox code. Only trusted, tested and reviewed open source code.
  • Versatile: Push passwords, text, files or URLs that auto-expire and self delete.
  • Audit logging: Track and control what you've shared and see who has viewed it.
  • Encrypted storage: All sensitive data is stored encrypted and deleted entirely once expired.
  • Host your own: Database backed or ephemeral, easily run your own instance isolated from the world.
  • JSON API: Raw JSON API available for 3rd party tools or command line via curl or wget.
  • Command line interface: Automate your password distribution with CLI tools or custom scripts.
  • Logins: Invite your colleagues and track what is pushed and who retrieved it.
  • Admin Dashboard: Manage your self-hosted instance with a built in admin dashboard.
  • Internationalized: 29 language translations are bundled in. Easily selectable via UI or URL
  • Themes: 26 themes bundled in courtesy of Bootswatch. Select with a simple environment variable.
  • Unbranded delivery page: No logos, superfluous text or unrelated links to confuse end users.
  • Customizable: Change text and default options via environment variables.
  • Light & dark themes: Via CSS @media integration, the default site theme follows your local preferences.
  • Re-Brandable: Customize the site name, tagline and logo to fit your environment.
  • Custom CSS: Bundle in your own custom CSS to add your own design.
  • 10 Years Old: Password Pusher has securely delivered millions and millions of passwords in its 10 year history.
  • Actively Maintained: I happily work for the good karma of the great IT/Security community.
  • Honest Software: Open source written and maintained by me with the help of some great contributors. No organizations, corporations or evil agendas.

๐Ÿ’Œ --> Sign up for the newsletter to get updates on big releases, security issues, new features, integrations, tips and more.

Password Pusher is also on Twitter, Gettr and on Facebook


โšก๏ธ Quick Start

โ†’ Go to pwpush.com and try it out.

or

โ†’ Run your own instance with one command: docker run -d -p "5100:5100" pglombardo/pwpush:release then go to http://localhost:5100

or

โ†’ Use one of the 3rd party tools that interface with Password Pusher.

๐Ÿ’พ Run Your Own Instance

๐ŸŽ‰ ๐ŸŽ‰ ๐ŸŽ‰

We've recently introduced a single universal container. Migration for existing users is easy - please refer to the documentation here.

๐ŸŽ‰ ๐ŸŽ‰ ๐ŸŽ‰

Note: Password Pusher can be largely configured by environment variables so after you pick your deployment method below, make sure to read the configuration page. Take particular attention in setting your own custom encryption key which isn't required but provides the best security for your instance.

On Docker

Docker images of Password Pusher are available on Docker hub.

โžœ ephemeral Temporary database that is wiped on container restart.

docker run -d -p "5100:5100" pglombardo/pwpush:release

Learn more

โžœ using an External Postgres Database Postgres database backed instance.

docker run -d -p "5100:5100" pglombardo/pwpush:release -e DATABASE_URL=postgres://pwpush_user:pwpush_passwd@postgres:5432/pwpush_db

Learn more

โžœ using an External MariaDB (MySQL) Database Mariadb database backed instance.

docker run -d -p "5100:5100" pglombardo/pwpush:release -e DATABASE_URL=mysql2://pwpush_user:pwpush_passwd@mysql:3306/pwpush_db

Learn more

Note: Putting passwords in a command line is bad practice. See the related Database pages for alternative options.

See Also: Guide to DATABASE_URL

Docker Tags Reference

March 2024: The Docker tag strategy will change soon.

The following tables describe the current tag usage and upcoming change.

Current

Tag Purpose
latest The nightly development build
release Stable build
vX.X.X Versioned tags

Upcoming Change

Tag Purpose
latest The latest released vX.X.X
stable The most stable tag for proven releases
vX.X.X Versioned tags
nightly The nightly development build

If in doubt, use latest or a vX.X.X tag.

The release tag will be deprecated soon.

With Docker Compose

โžœ One-liner Password Pusher with a Postgres Database

curl -s -o docker-compose.yml https://raw.githubusercontent.com/pglombardo/PasswordPusher/master/containers/docker/docker-compose-postgres.yml && docker compose up -d

โžœ One-liner Password Pusher with a MariaDB (MySQL) Database

curl -s -o docker-compose.yml https://raw.githubusercontent.com/pglombardo/PasswordPusher/master/containers/docker/docker-compose-mariadb.yml && docker compose up -d

On Kubernetes

Instructions and explanation of a Kubernetes setup can be found here.

On Kubernetes with Helm

A basic helm chart with instructions can be found here.

On Microsoft Azure

There used to be a 3rd party blog post with instructions but it's been deleted. If anyone has instructions they would like to contribute, it would be greatly appreciated.

See issue #277

On Heroku

One click deploy to Heroku Cloud without having to set up servers.

Deploy

This option will deploy a production Password Pusher instance backed by a postgres database to Heroku. Heroku used to offer free dynos but that is no longer the case from November 28, 2022. Hosting charges will be incurred.

On PikaPods

One click deploy to PikaPods from $1/month. Start free with $5 welcome credit.

Run on PikaPods

With Nginx

See the prebuilt Docker Compose example here.

From Source

I generally don't suggest building this application from source code for casual use. The is due to the complexities in the tool set across platforms. Running from source code is best when you plan to develop the application.

For quick and easy, use the Docker containers instead.

But if you're resolute & brave, continue on!

Dependencies

  • Ruby 3.0 or greater
  • Recent Node.js stable & Yarn
  • Compiler tools: gcc g++ make
  • Other: git

SQLite3 backend

  • Make sure to install sqlite3 development libraries: apt install libsqlite3-dev sqlite3
git clone git@github.com:pglombardo/PasswordPusher.git
cd PasswordPusher
gem install bundler

bundle config set --local deployment 'true'
bundle install --without development production test
./bin/rails assets:precompile
./bin/rails db:setup
./bin/rails server

Then view the site @ http://localhost:5100/.

Postgres, MySQL or Mariadb backend

  • Make sure to install related database driver development libraries: e.g. postgres-dev or libmariadb-dev
git clone git@github.com:pglombardo/PasswordPusher.git
cd PasswordPusher
gem install bundler

export RAILS_ENV=production

# Update the following line to point to your Postgres (or MySQL/Mariadb) instance
DATABASE_URL=postgresql://passwordpusher_user:passwordpusher_passwd@postgres:5432/passwordpusher_db

bundle install --without development test
./bin/rails assets:precompile
./bin/rails db:setup
./bin/rails server --environment=production

Then view the site @ http://localhost:5100/.

๐Ÿ”จ 3rd Party Tools

Command Line Utilities

GUIs

Libraries & APIs

  • oyale/PwPush-PHP: a PHP library wrapper to easily push passwords to any Password Pusher instance

Android Apps

Application Integrations

See also the Tools Page on pwpush.com.

๐Ÿ“ก The Password Pusher API

๐Ÿ‡ฎ๐Ÿ‡น Internationalization

Password Pusher is currently available in 29 languages with more languages being added often as volunteers apply.

From within the application, the language is selectable from a language menu. Out of the box and before any language menu selection is done, the default language for the application is English.

Changing the Default Language

The default language can be changed by setting an environment variable with the appropriate language code:

PWP__DEFAULT_LOCALE=es

For more details, a list of supported language codes and further explanation, see the bottom of this configuration file.

๐Ÿ›Ÿ Help Out

pwpush.com is hosted on Digital Ocean and is happily paid out of pocket by myself for more than 10 years.

But you could help out greatly by signing up to Digital Ocean with this link (and get $200 credit). In return, Password Pusher gets a helpful hosting credit.

tldr; Sign up to Digital Ocean with this link, get a $200 credit for free and help Password Pusher out.

DigitalOcean Referral Badge

๐Ÿ“ผ Credits

Translators

Thanks to our great translators!

If you would like to volunteer and assist in translating, see this page.

Name Language
Oyale Catalan
Finn Skaaning Danish
Mihail Tchetchelnitski Finnish
Thibaut French
Thomas Wรถlk German Github, Twitter
Martin Otto German
Robin Jรธrgensen Norwegian
ลukasz Polish
Jair Henrique Portuguese
Fabrรญcio Rodrigues Portuguese
Ivan Freitas Portuguese
Sara Faria Portuguese
Oyale Spanish
johan323 Swedish
Fredrik Arvas Swedish
Pedro Marques European Portuguese

Also thanks to translation.io for their great service in managing translations. It's also generously free for open source projects.

Containers

Thanks to:

Other

Thanks to:

...and many more. See the Contributors page for more details.

๐Ÿ›ก License

License

This project is licensed under the terms of the Apache License 2.0 license. See LICENSE for more details.

๐Ÿ“ƒ Citation

@misc{PasswordPusher,
  author = {Peter Giacomo Lombardo},
  title = {An application to securely communicate passwords over the web. Passwords automatically expire after a certain number of views and/or time has passed.},
  year = {2024},
  publisher = {GitHub},
  journal = {GitHub repository},
  howpublished = {\url{https://github.com/pglombardo/PasswordPusher}}
}

About

๐Ÿ” An application to securely communicate passwords over the web. Passwords automatically expire after a certain number of views and/or time has passed. Track who, what and when.

https://pwpush.com

License:Apache License 2.0


Languages

Language:Ruby 57.3%Language:HTML 37.4%Language:JavaScript 4.1%Language:Dockerfile 0.6%Language:Smarty 0.3%Language:Shell 0.2%Language:CSS 0.0%Language:Procfile 0.0%