OSS Self-Hosted Configuration
How to configure the OSS self-hosted version of Password Pusher...
This guide covers all configuration options for self-hosted Password Pusher installations. Configuration can be set via environment variables or a YAML configuration file.
Quick Navigation:
- Application General - Core application settings
- Logins - User authentication and SMTP configuration
- Push Types - Text, File, QR, and URL push settings
- File Storage - Cloud and local storage configuration
- Other Settings - Password generator, analytics, throttling, logging
Application General
Core application settings that control the basic behavior of Password Pusher.
| Environment Variable | Description | Default Value |
|---|---|---|
| PWP__SHOW_VERSION | Controls whether the version number is displayed in the footer | true |
| PWP__SHOW_GDPR_CONSENT_BANNER | Controls the display of the GDPR cookie consent banner | true |
| PWP__TIMEZONE | Sets the application-wide timezone using a valid timezone string (see note below) | America/New_York |
| SECRET_KEY_BASE | A secret key used for security features like session cookie encryption and other cryptographic operations. Generate a random key using /opt/PasswordPusher/bin/pwpush secret. See the SECRET_KEY_BASE documentation. |
Randomly Generated on boot |
| TURBO_DRIVE_ENABLED | Controls Turbo Drive functionality. Useful when running behind proxy services or WAF configurations that may interfere with Turbo Drive | true |
| PWP__NO_WORKER | Disables the launch of background workers in the pglombardo/pwpush Docker container. |
Not set |
| PWP__SECURE_COOKIES | Set to true to enable secure cookies. |
false |
| PWP__PURGE_AFTER | Set the time after which expired pushes are permanently deleted. Accepts values like “3 months”, “6 months”, “1 year”, “2 years”. | disabled |
| TLS_DOMAIN | A domain to automatically provision a TLS (SSL) certificate for the application. | None |
Tip: A list of valid timezone strings can be found at on Wikipedia.
Logins
To enable logins in your instance of Password Pusher, you must have an SMTP server available to send emails. These emails are sent for events such as password resets, account unlocks, and user registration.
To use logins, you should be running a database-backed version of Password Pusher. While logins may technically work in an ephemeral setup, it is not recommended since all data is wiped with each container restart.
All of the following environment variables must be set for application logins to function properly (except SMTP authentication if not required).
Note: As an alternative to environment variables which can become difficult to maintain, Password Pusher supports configuration via YAML file.
| Environment Variable | Description | Default |
|---|---|---|
| PWP__ENABLE_LOGINS | Master switch to enable/disable logins. | false |
| PWP__ALLOW_ANONYMOUS | When false, requires a login to access the front page (for creating new pushes). Secret URLs remain accessible anonymously. | true |
| PWP__MAIL__RAISE_DELIVERY_ERRORS | Controls whether email delivery errors are displayed in the application. | true |
| PWP__MAIL__SMTP_ADDRESS | The address of your SMTP mail server (default is “localhost”). | smtp.domain.com |
| PWP__MAIL__SMTP_PORT | The port number of your SMTP server. | 587 |
| PWP__MAIL__SMTP_USER_NAME | Username for SMTP server authentication. | smtp_username |
| PWP__MAIL__SMTP_PASSWORD | Password for SMTP server authentication. | smtp_password |
| PWP__MAIL__SMTP_AUTHENTICATION | Type of SMTP authentication: :plain (password sent in clear text), :login (password Base64 encoded), or :cram_md5 (Challenge/Response with MD5 hashing). |
plain |
| PWP__MAIL__SMTP_STARTTLS | Requires STARTTLS when connecting to SMTP server. | true |
| PWP__MAIL__SMTP_ENABLE_STARTTLS_AUTO | Automatically detects and enables STARTTLS if supported by SMTP server. | true |
| PWP__MAIL__OPEN_TIMEOUT | Maximum seconds to wait when establishing connection. | 10 |
| PWP__MAIL__READ_TIMEOUT | Maximum seconds to wait for read operations. | 10 |
| PWP__HOST_DOMAIN | Domain name used to construct full URLs in emails. | pwpush.com |
| PWP__HOST_PROTOCOL | Protocol (HTTP/HTTPS) used to access your instance. HTTPS recommended. | https |
| PWP__MAIL__MAILER_SENDER | “From” address used in sent emails. | ‘“Company Name” «user@example.com»’ |
| PWP__DISABLE_SIGNUPS | When true, prevents new user account creation. Sign up functionality is completely disabled. | false |
| PWP__SIGNUP_EMAIL_REGEXP | Regular expression for validating email addresses during signup. Can be customized to restrict domains. Example: \A[^@\s]+@(hey\.com\|gmail\.com)\z. Test expressions at https://rubular.com. |
\A[^@\s]+@[^@\s]+\z |
| PWP__LOGIN_SESSION_TIMEOUT | Duration of user session inactivity before requiring re-authentication. Accepts values like “1 hour”, “2 hours”, “1 day”, “3 weeks”, “1 month”, “1 year”. | “2 hours” |
Shell Example
export PWP__ENABLE_LOGINS=true
export PWP__MAIL__RAISE_DELIVERY_ERRORS=true
export PWP__MAIL__SMTP_ADDRESS=smtp.mycompany.org
export PWP__MAIL__SMTP_PORT=587
export PWP__MAIL__SMTP_USER_NAME=yolo
export PWP__MAIL__SMTP_PASSWORD=secret
export PWP__MAIL__SMTP_AUTHENTICATION=plain
export PWP__MAIL__SMTP_STARTTLS=true
export PWP__MAIL__OPEN_TIMEOUT=10
export PWP__MAIL__READ_TIMEOUT=10
export PWP__HOST_DOMAIN=pwpush.mycompany.org
export PWP__HOST_PROTOCOL=https
export PWP__MAIL__MAILER_SENDER='"Spiderman" <thespider@mycompany.org>'
See Also
- See also this Github discussion.
- External Documentation on mailer configuration for the underlying technology if you need more details for configuration issues.
Managing Users
Generally you can use the Administration Dashboard to manage users through your browser but it is also possible to do this manually via the application console.
Creating Users
User.create(email: 'user@example.com', password: 'mypassword', password_confirmation: 'mypassword')
Confirming Accounts
user = User.find_by(email: 'user@example.com')
user.confirm
Sending Confirmation Instructions
user = User.find_by(email: 'user@example.com')
user.send_confirmation_instructions
Sending Password Reset Email
user = User.find_by(email: 'user@example.com')
user.send_reset_password_instructions
Deleting Users
user = User.find_by(email: 'user@example.com')
user.destroy
Warning: This is destructive and cannot be reversed. This action is cascading, meaning all pushes owned by that user will also be deleted. Make a backup of your database as a safety precaution.
Pushes
Password Pusher supports multiple push types: Text, Files, QR Codes, and URLs. Each type has its own configuration options for expiration, views, and behavior.
Text Pushes
Push Expiration settings allow you to customize how long and how many times a push can be accessed before it expires. You can set default values, minimum/maximum limits, and control additional features like manual deletion and retrieval steps.
| Environment Variable | Description | Default Value |
|---|---|---|
| PWP__PW__EXPIRE_AFTER_DAYS_DEFAULT | Controls the “Expire After Days” default value in newly created text pushes. | 7 |
| PWP__PW__EXPIRE_AFTER_DAYS_MIN | Controls the “Expire After Days” minimum value in newly created text pushes. | 1 |
| PWP__PW__EXPIRE_AFTER_DAYS_MAX | Controls the “Expire After Days” maximum value in newly created text pushes. | 90 |
| PWP__PW__EXPIRE_AFTER_VIEWS_DEFAULT | Controls the “Expire After Views” default value in newly created text pushes. | 5 |
| PWP__PW__EXPIRE_AFTER_VIEWS_MIN | Controls the “Expire After Views” minimum value in newly created text pushes. | 1 |
| PWP__PW__EXPIRE_AFTER_VIEWS_MAX | Controls the “Expire After Views” maximum value in newly created text pushes. | 100 |
| PWP__PW__ENABLE_DELETABLE_PUSHES | Can text pushes be deleted by viewers? When true, text pushes will have a link to optionally delete the push being viewed | false |
| PWP__PW__DELETABLE_PUSHES_DEFAULT | When the above is true, this sets the default value for the option. |
true |
| PWP__PW__ENABLE_RETRIEVAL_STEP | When true, adds an option to have a preliminary step to retrieve text pushes. |
true |
| PWP__PW__RETRIEVAL_STEP_DEFAULT | Sets the default value for the retrieval step for newly created text pushes. | false |
| PWP__PW__ENABLE_BLUR | Enables or disables the ‘blur’ effect when showing a text payload to the user. | true |
Note: Remember that instead of environment variables, which can get hard to maintain, Password Pusher also supports configuration by YAML file.
File Pushes
To enable file uploads (File Pushes) in your instance of Password Pusher, there are a few requirements:
- You must have logins enabled (see Logins)
- You must specify a storage backend for uploaded files
- If using cloud storage, configure CORS in your buckets (see storage backend sections)
| Environment Variable | Description | Default Value |
|---|---|---|
| PWP__ENABLE_FILE_PUSHES | On/Off switch for File Pushes. | false |
| PWP__FILES__STORAGE | Chooses the storage backend for uploaded files. | local, amazon, google or microsoft |
| PWP__FILES__ENABLE_BLUR | Enables or disables the ‘blur’ effect when showing a text payload to the user. | true |
| PWP__FILES__ENABLE_DELETABLE_PUSHES | Can file pushes be deleted by viewers? When true, file pushes will have a link to optionally delete the push being viewed | false |
| PWP__FILES__DELETABLE_PUSHES_DEFAULT | When the above is true, this sets the default value for the option. |
true |
| PWP__FILES__ENABLE_RETRIEVAL_STEP | When true, adds an option to have a preliminary step to retrieve file pushes. |
true |
| PWP__FILES__RETRIEVAL_STEP_DEFAULT | Sets the default value for the retrieval step for newly created file pushes. | false |
| PWP__FILES__MAX_FILE_UPLOADS | Sets the maximum number of files that can be added to a single push. | 10 |
| PWP__FILES__EXPIRE_AFTER_DAYS_DEFAULT | Controls the “Expire After Days” default value in newly created file pushes. | 7 |
| PWP__FILES__EXPIRE_AFTER_DAYS_MIN | Controls the “Expire After Days” minimum value in newly created file pushes. | 1 |
| PWP__FILES__EXPIRE_AFTER_DAYS_MAX | Controls the “Expire After Days” maximum value in newly created file pushes. | 90 |
| PWP__FILES__EXPIRE_AFTER_VIEWS_DEFAULT | Controls the “Expire After Views” default value in newly created file pushes. | 5 |
| PWP__FILES__EXPIRE_AFTER_VIEWS_MIN | Controls the “Expire After Views” minimum value in newly created file pushes. | 1 |
| PWP__FILES__EXPIRE_AFTER_VIEWS_MAX | Controls the “Expire After Views” maximum value in newly created file pushes. | 100 |
Note: Remember that instead of environment variables, which can get hard to maintain, Password Pusher also supports configuration by YAML file.
QR Pushes
The following settings control how QR code pushes expire and can be accessed.
| Environment Variable | Description | Default Value |
|---|---|---|
| PWP__ENABLE_QR_PUSHES | On/Off switch for QR pushes. | false |
| PWP__QR__EXPIRE_AFTER_DAYS_DEFAULT | Controls the “Expire After Days” default value in newly created QR pushes. | 7 |
| PWP__QR__EXPIRE_AFTER_DAYS_MIN | Controls the “Expire After Days” minimum value in newly created QR pushes. | 1 |
| PWP__QR__EXPIRE_AFTER_DAYS_MAX | Controls the “Expire After Days” maximum value in newly created QR pushes. | 90 |
| PWP__QR__EXPIRE_AFTER_VIEWS_DEFAULT | Controls the “Expire After Views” default value in newly created QR pushes. | 5 |
| PWP__QR__EXPIRE_AFTER_VIEWS_MIN | Controls the “Expire After Views” minimum value in newly created QR pushes. | 1 |
| PWP__QR__EXPIRE_AFTER_VIEWS_MAX | Controls the “Expire After Views” maximum value in newly created QR pushes. | 100 |
| PWP__QR__ENABLE_DELETABLE_PUSHES | Can QR pushes be deleted by viewers? When true, QR pushes will have a link to optionally delete the push being viewed | false |
| PWP__QR__DELETABLE_PUSHES_DEFAULT | When the above is true, this sets the default value for the option. |
true |
| PWP__QR__ENABLE_RETRIEVAL_STEP | When true, adds an option to have a preliminary step to retrieve QR codes. |
true |
| PWP__QR__RETRIEVAL_STEP_DEFAULT | Sets the default value for the retrieval step for newly created QR pushes. | false |
Note: Remember that instead of environment variables, which can get hard to maintain, Password Pusher also supports configuration by YAML file.
URL Pushes
Similar to file & QR pushes, URL pushes also require logins to be enabled.
| Environment Variable | Description | Default Value |
|---|---|---|
| PWP__ENABLE_URL_PUSHES | On/Off switch for URL Pushes. | false |
| PWP__URL__EXPIRE_AFTER_DAYS_DEFAULT | Controls the “Expire After Days” default value in newly created URL pushes. | 7 |
| PWP__URL__EXPIRE_AFTER_DAYS_MIN | Controls the “Expire After Days” minimum value in newly created URL pushes. | 1 |
| PWP__URL__EXPIRE_AFTER_DAYS_MAX | Controls the “Expire After Days” maximum value in newly created URL pushes. | 90 |
| PWP__URL__EXPIRE_AFTER_VIEWS_DEFAULT | Controls the “Expire After Views” default value in newly created URL pushes. | 5 |
| PWP__URL__EXPIRE_AFTER_VIEWS_MIN | Controls the “Expire After Views” minimum value in newly created URL pushes. | 1 |
| PWP__URL__EXPIRE_AFTER_VIEWS_MAX | Controls the “Expire After Views” maximum value in newly created URL pushes. | 100 |
| PWP__URL__ENABLE_RETRIEVAL_STEP | When true, adds an option to have a preliminary step before being redirected to the payload URL. |
true |
| PWP__URL__RETRIEVAL_STEP_DEFAULT | Sets the default value for the retrieval step for newly created URL pushes. | false |
Note: Remember that instead of environment variables, which can get hard to maintain, Password Pusher also supports configuration by YAML file.
File Storage Backends
When files are attached to a push and uploaded to Password Pusher, they must be stored somewhere accessible. Password Pusher supports multiple storage backends:
| Backend | Type | Notes |
|---|---|---|
| Local Disk | Self-hosted | Simple setup, requires volume mount for Docker |
| Amazon S3 | Cloud | Native AWS integration |
| Google Cloud Storage | Cloud | Native GCS integration |
| Azure Storage | Cloud | Native Azure integration |
| MinIO | Self-hosted | S3-compatible, open source |
| Backblaze B2 | Cloud | S3-compatible, cost-effective |
| Cloudflare R2 | Cloud | S3-compatible, no egress fees |
| Digital Ocean Spaces | Cloud | S3-compatible |
| Linode Object Storage | Cloud | S3-compatible |
| Wasabi | Cloud | S3-compatible, cost-effective |
Note: Only one storage configuration can be active at any time.
Warning: For existing installations with file uploads, changing your storage provider will make all previously uploaded files inaccessible. File references in the database will point to the old storage location, which the new provider cannot access. This does not apply to new installations.
Understanding CORS for Cloud Storage
Password Pusher performs direct uploads from the user’s browser to your cloud storage bucket. This improves performance and reduces load on the application server.
For direct uploads to work, you must configure Cross-Origin Resource Sharing (CORS) on your storage bucket. CORS is a browser security feature that blocks requests to different domains unless explicitly allowed.
Required CORS settings for all cloud providers:
- AllowedOrigins: Your Password Pusher domain(s) (e.g.,
https://pwpush.example.com) - AllowedMethods:
PUT - AllowedHeaders:
Content-Type,Content-MD5,Content-Disposition - MaxAgeSeconds:
3600(1 hour, reduces preflight requests)
Tip: If your app is accessible from multiple domains (e.g., https://example.com and https://www.example.com), include all domains in AllowedOrigins.
Local Disk
The simplest option for self-hosted installations. Files are stored on the local filesystem.
PWP__FILES__STORAGE=local
The default storage location is ./storage. For Docker containers, add a volume mount:
docker run -d -p "80:80" -p "443:443" \
-v /var/lib/pwpush/files:/opt/PasswordPusher/storage \
pglombardo/pwpush:latest
Note: Ensure the directory is writable by the Docker container.
Note: CORS configuration is not required for local storage.
Amazon S3
To store files in Amazon S3:
- Set the required environment variables below
- Apply a CORS configuration to your S3 bucket
| Environment Variable | Description | Example |
|---|---|---|
| PWP__FILES__STORAGE | Storage provider selection | amazon |
| PWP__FILES__S3__ENDPOINT | S3 endpoint (optional for AWS) | None |
| PWP__FILES__S3__ACCESS_KEY_ID | Access Key ID | AKIAIOSFODNN7EXAMPLE |
| PWP__FILES__S3__SECRET_ACCESS_KEY | Secret Access Key | wJalrXUtnFEMI/K7MDENG... |
| PWP__FILES__S3__REGION | S3 Region | us-east-1 |
| PWP__FILES__S3__BUCKET | S3 bucket name | my-pwpush-files |
Amazon S3 CORS
Add this CORS configuration to your S3 bucket via the AWS Console (Bucket → Permissions → CORS) or using the AWS CLI:
aws s3api put-bucket-cors --bucket your-bucket-name --cors-configuration file://cors.json
Where cors.json contains:
[
{
"AllowedHeaders": [
"Content-Type",
"Content-MD5",
"Content-Disposition"
],
"AllowedMethods": [
"PUT"
],
"AllowedOrigins": [
"https://www.example.com"
],
"MaxAgeSeconds": 3600
}
]
Note: Replace https://www.example.com with your actual domain. For multiple domains, add each to the AllowedOrigins array.
For more details, see the ActiveStorage CORS documentation.
Google Cloud Storage
To store files in Google Cloud Storage:
- Set the required environment variables below
- Apply a CORS configuration to your bucket
| Environment Variable | Description | Example |
|---|---|---|
| PWP__FILES__STORAGE | Storage provider selection | google |
| PWP__FILES__GCS__PROJECT | GCS Project ID | my-project-id |
| PWP__FILES__GCS__CREDENTIALS | GCS credentials JSON | {"type":"service_account",...} |
| PWP__FILES__GCS__BUCKET | GCS bucket name | my-pwpush-files |
Google Cloud Storage CORS
Add this CORS configuration to your bucket using gsutil:
gsutil cors set cors.json gs://your-bucket-name
Where cors.json contains:
[
{
"origin": ["https://www.example.com"],
"method": ["PUT"],
"responseHeader": ["Content-Type", "Content-MD5", "Content-Disposition"],
"maxAgeSeconds": 3600
}
]
Note: Replace https://www.example.com with your actual domain. If using cache_control settings in your storage configuration, also add "Cache-Control" to responseHeader.
Azure Storage
Microsoft Azure Blob Storage configuration:
- Set the required environment variables below
- Apply a CORS configuration to your container
| Environment Variable | Description | Example |
|---|---|---|
| PWP__FILES__STORAGE | Storage provider selection | microsoft |
| PWP__FILES__AS__STORAGE_ACCOUNT_NAME | Azure Storage Account Name | mystorageaccount |
| PWP__FILES__AS__STORAGE_ACCESS_KEY | Azure Storage Account Key | storage_account_key |
| PWP__FILES__AS__CONTAINER | Azure Storage Container Name | pwpush-files |
Azure Storage CORS
Add this CORS configuration in the Azure Portal under Storage Account → Resource sharing (CORS) → Blob service:
| Setting | Value |
|---|---|
| Allowed origins | https://www.example.com |
| Allowed methods | PUT |
| Allowed headers | Content-Type, Content-MD5, x-ms-blob-content-disposition, x-ms-blob-type |
| Exposed headers | * |
| Max age | 3600 |
Or using Azure CLI:
az storage cors add --services b --methods PUT \
--origins "https://www.example.com" \
--allowed-headers "Content-Type,Content-MD5,x-ms-blob-content-disposition,x-ms-blob-type" \
--exposed-headers "*" \
--max-age 3600 \
--account-name your-storage-account
Note: Replace https://www.example.com with your actual domain. Create the container and generate access keys in the Azure Portal before use.
MinIO
MinIO is an open source, S3-compatible object storage server for self-hosting.
| Environment Variable | Description | Example |
|---|---|---|
| PWP__FILES__STORAGE | Storage provider selection | minio |
| PWP__FILES__S3__ENDPOINT | MinIO server URL | http://minio:9000 |
| PWP__FILES__S3__ACCESS_KEY_ID | MinIO Access Key | minioadmin |
| PWP__FILES__S3__SECRET_ACCESS_KEY | MinIO Secret Key | minioadmin |
| PWP__FILES__S3__REGION | Region (can be any value) | us-east-1 |
| PWP__FILES__S3__BUCKET | MinIO bucket name | pwpush-files |
MinIO CORS
Apply this configuration using the MinIO client (mc):
mc admin config set myminio cors <<EOF
{
"CORSRules": [
{
"AllowedHeaders": ["Content-Type", "Content-MD5", "Content-Disposition"],
"AllowedMethods": ["PUT"],
"AllowedOrigins": ["https://www.example.com"],
"MaxAgeSeconds": 3600
}
]
}
EOF
Create the bucket before using: mc mb myminio/pwpush-files
Backblaze B2
Backblaze B2 is a cost-effective S3-compatible storage service.
| Environment Variable | Description | Example |
|---|---|---|
| PWP__FILES__STORAGE | Storage provider selection | amazon |
| PWP__FILES__S3__ENDPOINT | B2 endpoint URL | https://s3.us-west-001.backblazeb2.com |
| PWP__FILES__S3__ACCESS_KEY_ID | B2 Application Key ID | 000000000000000000000001 |
| PWP__FILES__S3__SECRET_ACCESS_KEY | B2 Application Key | K000000000000000000000001 |
| PWP__FILES__S3__REGION | B2 region | us-west-001 |
| PWP__FILES__S3__BUCKET | B2 bucket name | my-pwpush-files |
Backblaze B2 CORS
Add this CORS configuration using the B2 web interface:
{
"corsRules": [
{
"allowedOrigins": ["https://www.example.com"],
"allowedOperations": ["s3_put"],
"allowedHeaders": ["content-type", "content-md5", "content-disposition"],
"maxAgeSeconds": 3600
}
]
}
Note: Create the bucket and generate an Application Key with appropriate permissions in the B2 dashboard before use.
Cloudflare R2
Cloudflare R2 is an S3-compatible storage service with no egress fees.
| Environment Variable | Description | Example |
|---|---|---|
| PWP__FILES__STORAGE | Storage provider selection | amazon |
| PWP__FILES__S3__ENDPOINT | R2 endpoint URL | https://<account_id>.r2.cloudflarestorage.com |
| PWP__FILES__S3__ACCESS_KEY_ID | R2 Access Key ID | r2_access_key_id |
| PWP__FILES__S3__SECRET_ACCESS_KEY | R2 Secret Access Key | r2_secret_access_key |
| PWP__FILES__S3__REGION | R2 region (can be any value) | auto |
| PWP__FILES__S3__BUCKET | R2 bucket name | my-pwpush-files |
Cloudflare R2 CORS
Add this CORS configuration using the Cloudflare dashboard:
{
"CORSRules": [
{
"AllowedHeaders": ["Content-Type", "Content-MD5", "Content-Disposition"],
"AllowedMethods": ["PUT"],
"AllowedOrigins": ["https://www.example.com"],
"MaxAgeSeconds": 3600
}
]
}
Note: Replace <account_id> in the endpoint URL with your Cloudflare account ID.
Digital Ocean Spaces
Digital Ocean Spaces is an S3-compatible object storage service.
| Environment Variable | Description | Example |
|---|---|---|
| PWP__FILES__STORAGE | Storage provider selection | amazon |
| PWP__FILES__S3__ENDPOINT | Spaces endpoint URL | https://nyc3.digitaloceanspaces.com |
| PWP__FILES__S3__ACCESS_KEY_ID | Spaces Access Key | DO_SPACES_KEY |
| PWP__FILES__S3__SECRET_ACCESS_KEY | Spaces Secret Key | DO_SPACES_SECRET |
| PWP__FILES__S3__REGION | Spaces region | nyc3 |
| PWP__FILES__S3__BUCKET | Space name | my-pwpush-files |
Digital Ocean Spaces CORS
Add this CORS configuration using the Digital Ocean API or web interface:
{
"CORSRules": [
{
"AllowedHeaders": ["Content-Type", "Content-MD5", "Content-Disposition"],
"AllowedMethods": ["PUT"],
"AllowedOrigins": ["https://www.example.com"],
"MaxAgeSeconds": 3600
}
]
}
Note: Use the correct region endpoint (e.g., nyc3, ams3, sgp1).
Linode Object Storage
Linode Object Storage is an S3-compatible storage service.
| Environment Variable | Description | Example |
|---|---|---|
| PWP__FILES__STORAGE | Storage provider selection | amazon |
| PWP__FILES__S3__ENDPOINT | Linode endpoint URL | https://us-east-1.linodeobjects.com |
| PWP__FILES__S3__ACCESS_KEY_ID | Linode Access Key | linode_access_key |
| PWP__FILES__S3__SECRET_ACCESS_KEY | Linode Secret Key | linode_secret_key |
| PWP__FILES__S3__REGION | Linode region | us-east-1 |
| PWP__FILES__S3__BUCKET | Bucket name | my-pwpush-files |
Linode Object Storage CORS
Add this CORS configuration using the Linode Cloud Manager:
{
"CORSRules": [
{
"AllowedHeaders": ["Content-Type", "Content-MD5", "Content-Disposition"],
"AllowedMethods": ["PUT"],
"AllowedOrigins": ["https://www.example.com"],
"MaxAgeSeconds": 3600
}
]
}
Note: Use the correct endpoint for your bucket’s region (e.g., us-east-1, eu-central-1, ap-south-1).
Wasabi
Wasabi is an S3-compatible storage service often used as a cost-effective alternative to Amazon S3.
| Environment Variable | Description | Example |
|---|---|---|
| PWP__FILES__STORAGE | Storage provider selection | amazon |
| PWP__FILES__S3__ENDPOINT | Wasabi endpoint URL | https://s3.us-east-1.wasabisys.com |
| PWP__FILES__S3__ACCESS_KEY_ID | Wasabi Access Key | wasabi_access_key |
| PWP__FILES__S3__SECRET_ACCESS_KEY | Wasabi Secret Key | wasabi_secret_key |
| PWP__FILES__S3__REGION | Wasabi region | us-east-1 |
| PWP__FILES__S3__BUCKET | Wasabi bucket name | my-pwpush-files |
Wasabi CORS
Add this CORS configuration using the Wasabi console:
{
"CORSRules": [
{
"AllowedHeaders": ["Content-Type", "Content-MD5", "Content-Disposition"],
"AllowedMethods": ["PUT"],
"AllowedOrigins": ["https://www.example.com"],
"MaxAgeSeconds": 3600
}
]
}
Note: Use the correct endpoint for your bucket’s region.
Password Generator
The Password Pusher password generator is a tool for creating strong, unique, and memorable passwords. Customize the generation process using these environment variables:
| Environment Variable | Description | Default Value |
|---|---|---|
| PWP__GEN__HAS_NUMBERS | Controls whether generated passwords have numbers | true |
| PWP__GEN__TITLE_CASED | Controls whether generated passwords will be title cased | true |
| PWP__GEN__USE_SEPARATORS | Controls whether generated passwords will use separators between syllables | true |
| PWP__GEN__CONSONANTS | The list of consonants to generate from | bcdfghklmnprstvz |
| PWP__GEN__VOWELS | The list of vowels to generate from | aeiouy |
| PWP__GEN__SEPARATORS | If use_separators is enabled above, the list of separators to use (randomly) |
-_= |
| PWP__GEN__MAX_SYLLABLE_LENGTH | The maximum length of each syllable that a generated password can have | 3 |
| PWP__GEN__MIN_SYLLABLE_LENGTH | The minimum length of each syllable that a generated password can have | 1 |
| PWP__GEN__SYLLABLES_COUNT | The exact number of syllables that a generated password will have | 3 |
Analytics
Password Pusher supports analytics providers out of the box.
Plausible
| Environment Variable | Description |
|---|---|
| PLAUSIBLE_DOMAIN | Set to the domain in your Plausible account. |
Google Analytics
| Environment Variable | Description |
|---|---|
| GA_ENABLE | The existence of this variable will enable Google Analytics for the application. |
| GA_ACCOUNT | The Google Analytics account id (e.g., UA-XXXXXXXX-X). |
| GA_DOMAIN | The domain where the application is hosted (e.g., pwpush.com). |
Throttling
Throttling enforces a minimum time interval between subsequent HTTP requests from a particular client, as well as defining a maximum number of allowed HTTP requests per time period.
| Environment Variable | Description | Default Value |
|---|---|---|
| PWP__THROTTLING__MINUTE | Maximum allowed HTTP requests per minute | 120 |
| PWP__THROTTLING__SECOND | Maximum allowed HTTP requests per second | 60 |
Logging
| Environment Variable | Description | Default |
|---|---|---|
| PWP__LOG_LEVEL | Set the logging level. Valid values: debug, info, warn, error, fatal (lowercase). |
info |
| PWP__LOG_TO_STDOUT | Set to true to send log output to STDOUT instead of log files. |
false |
Forcing SSL Links
Warning: This is a legacy setting and is no longer suggested for use. If using a proxy, ensure your proxy forwards the X-Forwarded-Host, X-Forwarded-Port and X-Forwarded-Proto HTTP headers. See the Proxies documentation for more information.
| Environment Variable | Description |
|---|---|
| FORCE_SSL | (Deprecated) Setting this variable will set config.force_ssl to true and generate HTTPS-based secret URLs. |