Self-Hosted Configuration

Application General

Environment Variable	Description	Default Value
PWP__SHOW_VERSION	Controls whether the version number is displayed in the footer	true
PWP__SHOW_GDPR_CONSENT_BANNER	Controls the display of the GDPR cookie consent banner	true
PWP__TIMEZONE	Sets the application-wide timezone using a valid timezone string (see note below)	America/New_York
SECRET_KEY_BASE	A secret key used for security features like session cookie encryption and other cryptographic operations. Generate a random key using /opt/PasswordPusher/bin/pwpush secret. See the SECRET_KEY_BASE documentation.	Randomly Generated on boot
TURBO_DRIVE_ENABLED	Controls Turbo Drive functionality. Useful when running behind proxy services or WAF configurations that may interfere with Turbo Drive	true
PWP__NO_WORKER	Disables the launch of background workers in the pglombardo/pwpush Docker container.	Not set
PWP__SECURE_COOKIES	Set to true to enable secure cookies.	false

Tip: A list of valid timezone strings can be found at on Wikipedia.

Logins

To enable logins in your instance of Password Pusher, you must have an SMTP server available to send emails. These emails are sent for events such as password resets, account unlocks, and user registration.

To use logins, you should be running a database-backed version of Password Pusher. While logins may technically work in an ephemeral setup, it is not recommended since all data is wiped with each container restart.

All of the following environment variables must be set for application logins to function properly (except SMTP authentication if not required).

Note: As an alternative to environment variables which can become difficult to maintain, Password Pusher supports configuration via YAML file.

Environment Variable	Description	Default
PWP__ENABLE_LOGINS	Master switch to enable/disable logins.	false
PWP__ALLOW_ANONYMOUS	When false, requires a login to access the front page (for creating new pushes). Secret URLs remain accessible anonymously.	true
PWP__MAIL__RAISE_DELIVERY_ERRORS	Controls whether email delivery errors are displayed in the application.	true
PWP__MAIL__SMTP_ADDRESS	The address of your SMTP mail server (default is “localhost”).	smtp.domain.com
PWP__MAIL__SMTP_PORT	The port number of your SMTP server.	587
PWP__MAIL__SMTP_USER_NAME	Username for SMTP server authentication.	smtp_username
PWP__MAIL__SMTP_PASSWORD	Password for SMTP server authentication.	smtp_password
PWP__MAIL__SMTP_AUTHENTICATION	Type of SMTP authentication: :plain (password sent in clear text), :login (password Base64 encoded), or :cram_md5 (Challenge/Response with MD5 hashing).	plain
PWP__MAIL__SMTP_STARTTLS	Requires STARTTLS when connecting to SMTP server.	true
PWP__MAIL__SMTP_ENABLE_STARTTLS_AUTO	Automatically detects and enables STARTTLS if supported by SMTP server.	true
PWP__MAIL__OPEN_TIMEOUT	Maximum seconds to wait when establishing connection.	10
PWP__MAIL__READ_TIMEOUT	Maximum seconds to wait for read operations.	10
PWP__HOST_DOMAIN	Domain name used to construct full URLs in emails.	pwpush.com
PWP__HOST_PROTOCOL	Protocol (HTTP/HTTPS) used to access your instance. HTTPS recommended.	https
PWP__MAIL__MAILER_SENDER	“From” address used in sent emails.	‘“Company Name” «user@example.com»’
PWP__DISABLE_SIGNUPS	When true, prevents new user account creation. Sign up functionality is completely disabled.	false
PWP__SIGNUP_EMAIL_REGEXP	Regular expression for validating email addresses during signup. Can be customized to restrict domains. Example: \A[^@\s]+@(hey\.com\|gmail\.com)\z. Test expressions at https://rubular.com.	\A[^@\s]+@[^@\s]+\z
PWP__LOGIN_SESSION_TIMEOUT	Duration of user session inactivity before requiring re-authentication. Accepts values like “1 hour”, “2 hours”, “1 day”, “3 weeks”, “1 month”, “1 year”.	“2 hours”

Shell Example

export PWP__ENABLE_LOGINS=true
export PWP__MAIL__RAISE_DELIVERY_ERRORS=true
export PWP__MAIL__SMTP_ADDRESS=smtp.mycompany.org
export PWP__MAIL__SMTP_PORT=587
export PWP__MAIL__SMTP_USER_NAME=yolo
export PWP__MAIL__SMTP_PASSWORD=secret
export PWP__MAIL__SMTP_AUTHENTICATION=plain
export PWP__MAIL__SMTP_STARTTLS=true
export PWP__MAIL__OPEN_TIMEOUT=10
export PWP__MAIL__READ_TIMEOUT=10
export PWP__HOST_DOMAIN=pwpush.mycompany.org
export PWP__HOST_PROTOCOL=https
export PWP__MAIL__MAILER_SENDER='"Spiderman" <thespider@mycompany.org>'

See Also

• See also this Github discussion.
• External Documentation on mailer configuration for the underlying technology if you need more details for configuration issues.

Manually Adding Users

Generally you can use the Administration Dashboard to manage users through your browser but it is also possible to do this manually.

You can manually add users by opening an application console and running the following command:

User.create(email: 'user@example.com', password: 'mypassword', password_confirmation: 'mypassword')

This creates a new user account in the application ready to use.

Other Actions

To manually confirm an account:

user = User.find_by(email: 'user@example.com')
user.confirm

To send the user their confirmation instructions email:

user = User.find_by(email: 'user@example.com')
user.send_confirmation_instructions

To send a reset password insructions email:

user = User.find_by(email: 'user@example.com')
user.send_reset_password_instructions

To irrevocably delete a user:

user = User.find_by(email: 'user@example.com')
user.destroy

Warning: This is destructive and cannot be reversed. Make a backup of your database as a safety precaution.

Pushes

Text Pushes

Push Expiration settings allow you to customize how long and how many times a push can be accessed before it expires. You can set default values, minimum/maximum limits, and control additional features like manual deletion and retrieval steps. These settings help balance security with usability for your users.

The following environment variables are used to configure Push Expiration settings:

Environment Variable	Description	Default Value
PWP__PW__EXPIRE_AFTER_DAYS_DEFAULT	Controls the “Expire After Days” default value in newly created text pushes.	7
PWP__PW__EXPIRE_AFTER_DAYS_MIN	Controls the “Expire After Days” minimum value in newly created text pushes.	1
PWP__PW__EXPIRE_AFTER_DAYS_MAX	Controls the “Expire After Days” maximum value in newly created text pushes.	90
PWP__PW__EXPIRE_AFTER_VIEWS_DEFAULT	Controls the “Expire After Views” default value in newly created text pushes.	5
PWP__PW__EXPIRE_AFTER_VIEWS_MIN	Controls the “Expire After Views” minimum value in newly created text pushes.	1
PWP__PW__EXPIRE_AFTER_VIEWS_MAX	Controls the “Expire After Views” maximum value in newly created text pushes.	100
PWP__PW__ENABLE_DELETABLE_PUSHES	Can text pushes be deleted by viewers? When true, text pushes will have a link to optionally delete the push being viewed	false
PWP__PW__DELETABLE_PUSHES_DEFAULT	When the above is true, this sets the default value for the option.	true
PWP__PW__ENABLE_RETRIEVAL_STEP	When true, adds an option to have a preliminary step to retrieve text pushes.	true
PWP__PW__RETRIEVAL_STEP_DEFAULT	Sets the default value for the retrieval step for newly created text pushes.	false
PWP__PW__ENABLE_BLUR	Enables or disables the ‘blur’ effect when showing a text payload to the user.	true

Note: Remember that instead of environment variables, which can get hard to maintain, Password Pusher also supports configuration by YAML file.

File Pushes

To enable file uploads (File Pushes) in your instance of Password Pusher, there are a few requirements:

1. you must have logins enabled (see above)
2. specify a place to store uploaded files
3. If you use cloud storage, configure the CORS configuration in your buckets (detailed below)

The following settings enable/disable the feature and specify where to store uploaded files.

This feature can store uploads on local disk (not valid for Docker containers), Amazon S3, Google Cloud Storage or Azure Storage.

Environment Variable	Description	Default Value
PWP__ENABLE_FILE_PUSHES	On/Off switch for File Pushes.	false
PWP__FILES__STORAGE	Chooses the storage area for uploaded files.	local, amazon, google or microsoft
PWP__FILES__ENABLE_BLUR	Enables or disables the ‘blur’ effect when showing a text payload to the user.	true
PWP__FILES__ENABLE_DELETABLE_PUSHES	Can file pushes be deleted by viewers? When true, file pushes will have a link to optionally delete the push being viewed	false
PWP__FILES__DELETABLE_PUSHES_DEFAULT	When the above is true, this sets the default value for the option.	true
PWP__FILES__ENABLE_RETRIEVAL_STEP	When true, adds an option to have a preliminary step to retrieve file pushes.	true
PWP__FILES__RETRIEVAL_STEP_DEFAULT	Sets the default value for the retrieval step for newly created file pushes.	false
PWP__FILES__MAX_FILE_UPLOADS	Sets the maximum number of files that can be added to a single push.	10
PWP__FILES__EXPIRE_AFTER_DAYS_DEFAULT	Controls the “Expire After Days” default value in newly created file pushes.	7
PWP__FILES__EXPIRE_AFTER_DAYS_MIN	Controls the “Expire After Days” minimum value in newly created file pushes.	1
PWP__FILES__EXPIRE_AFTER_DAYS_MAX	Controls the “Expire After Days” maximum value in newly created file pushes.	90
PWP__FILES__EXPIRE_AFTER_VIEWS_DEFAULT	Controls the “Expire After Views” default value in newly created file pushes.	5
PWP__FILES__EXPIRE_AFTER_VIEWS_MIN	Controls the “Expire After Views” minimum value in newly created file pushes.	1
PWP__FILES__EXPIRE_AFTER_VIEWS_MAX	Controls the “Expire After Views” maximum value in newly created file pushes.	100

Note: Remember that instead of environment variables, which can get hard to maintain, Password Pusher also supports configuration by YAML file.

Choosing a Storage Backend for File Uploads

When files are attached to a push and uploaded to Password Pusher, they have to be stored somewhere publicly accessible. The available storage options are:

1. Amazon S3 - Store files in Amazon S3 buckets
2. Azure Storage - Store files in Azure Storage containers
3. Backblaze B2 - Store files in Backblaze’s S3-compatible storage
4. Cloudflare R2 - Store files in Cloudflare’s S3-compatible storage
5. Digital Ocean Spaces - Store files in DO’s S3-compatible storage
6. Google Cloud Storage - Store files in Google Cloud Storage buckets
7. Linode Object Storage - Store files in Linode’s S3-compatible storage
8. Local Disk - Store files on the local filesystem
9. MinIO - Store files in self-hosted S3-compatible storage
10. Wasabi - Store files in Wasabi’s S3-compatible storage

The following sections explain how to configure each. Only one configuration can be active at any time.

Amazon S3

To configure the application to store files in an Amazon S3 bucket, you have to:

1. set the required environment variables detailed below (or the equivalent values in settings.yml)
2. apply a CORS configuration to your S3 bucket (see next section)

Environment Variable	Description	Value(s)
PWP__FILES__STORAGE	Storage Provider Selection	amazon
PWP__FILES__S3__ENDPOINT	S3 Endpoint	None
PWP__FILES__S3__ACCESS_KEY_ID	Access Key ID	None
PWP__FILES__S3__SECRET_ACCESS_KEY	Secret Access Key	None
PWP__FILES__S3__REGION	S3 Region	None
PWP__FILES__S3__BUCKET	The S3 bucket name	None

CORS Configuration

The application performs direct uploads from the browser to your Amazon S3 bucket. This provides better performance and reduces load on the application itself.

For this to work, you have to add a CORS configuration to your bucket.

This direct upload functionality is done using a library called ActiveStorage. For the full documentation on configuring CORS for ActiveStorage, see here.

[
  {
    "AllowedHeaders": [
      "Content-Type",
      "Content-MD5",
      "Content-Disposition"
    ],
    "AllowedMethods": [
      "PUT"
    ],
    "AllowedOrigins": [
      "https://www.example.com"  << Change to your URL
    ],
    "MaxAgeSeconds": 3600
  }
]

Azure Storage

Microsoft Azure Storage is a cloud storage solution that provides object storage through Azure Blob Storage. To configure Password Pusher to use Azure Storage:

1. set the required environment variables detailed below (or the equivalent values in settings.yml)
2. apply a CORS configuration to your container (see below)

Environment Variable	Description	Example Value
PWP__FILES__STORAGE	Storage Provider Selection	microsoft
PWP__FILES__AS__STORAGE_ACCOUNT_NAME	Azure Storage Account Name	mystorageaccount
PWP__FILES__AS__STORAGE_ACCESS_KEY	Azure Storage Account Key	storage_account_key
PWP__FILES__AS__CONTAINER	Azure Storage Container Name	pwpush-files

CORS Configuration for Azure Storage

Add the following CORS configuration to your storage account using the Azure Portal or Azure CLI:

<Cors>
  <CorsRule>
    <AllowedOrigins>https://www.example.com</AllowedOrigins>
    <AllowedMethods>PUT</AllowedMethods>
    <AllowedHeaders>Content-Type, Content-MD5, x-ms-blob-content-disposition, x-ms-blob-type</AllowedHeaders>
    <MaxAgeInSeconds>3600</MaxAgeInSeconds>
  </CorsRule>
</Cors>

Note: Make sure to:

1. Replace https://www.example.com with your actual domain
2. Create the storage container before using it
3. Generate access keys in the Azure Portal
4. Ensure the storage account is accessible from your Password Pusher instance

Backblaze B2

Backblaze B2 is a cost-effective S3-compatible object storage service. To configure Password Pusher to use B2:

1. set the required environment variables detailed below (or the equivalent values in settings.yml)
2. apply a CORS configuration to your bucket (see below)

Environment Variable	Description	Example Value
PWP__FILES__STORAGE	Storage Provider Selection	amazon
PWP__FILES__S3__ENDPOINT	B2 endpoint URL	https://s3.us-west-001.backblazeb2.com
PWP__FILES__S3__ACCESS_KEY_ID	B2 Application Key ID	000000000000000000000001
PWP__FILES__S3__SECRET_ACCESS_KEY	B2 Application Key	K000000000000000000000001
PWP__FILES__S3__REGION	B2 region	us-west-001
PWP__FILES__S3__BUCKET	The B2 bucket name	my-pwpush-files

CORS Configuration for B2

Add the following CORS configuration to your bucket using the B2 web interface:

{
  "corsRules": [
    {
      "allowedOrigins": ["https://www.example.com"],
      "allowedOperations": ["s3_put"],
      "allowedHeaders": ["content-type", "content-md5", "content-disposition"],
      "maxAgeSeconds": 3600
    }
  ]
}

Note: Make sure to:

1. Replace https://www.example.com with your actual domain
2. Create the bucket before using it
3. Generate an Application Key with appropriate permissions in the B2 dashboard
4. Use the correct endpoint for your bucket’s region

Cloudflare R2

Cloudflare R2 is an S3-compatible object storage service with competitive pricing. To configure Password Pusher to use R2:

1. set the required environment variables detailed below (or the equivalent values in settings.yml)
2. apply a CORS configuration to your bucket (see below)

Environment Variable	Description	Example Value
PWP__FILES__STORAGE	Storage Provider Selection	amazon
PWP__FILES__S3__ENDPOINT	R2 endpoint URL	https://<account_id>.r2.cloudflarestorage.com
PWP__FILES__S3__ACCESS_KEY_ID	R2 Access Key ID	r2_access_key_id
PWP__FILES__S3__SECRET_ACCESS_KEY	R2 Secret Access Key	r2_secret_access_key
PWP__FILES__S3__REGION	R2 region (can be any value)	auto
PWP__FILES__S3__BUCKET	The R2 bucket name	my-pwpush-files

CORS Configuration for R2

Add the following CORS configuration to your bucket using the Cloudflare dashboard:

{
  "CORSRules": [
    {
      "AllowedHeaders": [
        "Content-Type",
        "Content-MD5",
        "Content-Disposition"
      ],
      "AllowedMethods": [
        "PUT"
      ],
      "AllowedOrigins": [
        "https://www.example.com"
      ],
      "MaxAgeSeconds": 3600
    }
  ]
}

Note: Make sure to:

1. Replace https://www.example.com with your actual domain
2. Create the bucket before using it
3. Generate API tokens in the Cloudflare dashboard
4. Replace <account_id> in the endpoint URL with your Cloudflare account ID

Digital Ocean Spaces

Digital Ocean Spaces is an S3-compatible object storage service. To configure Password Pusher to use Spaces:

1. set the required environment variables detailed below (or the equivalent values in settings.yml)
2. apply a CORS configuration to your Space (see below)

Environment Variable	Description	Example Value
PWP__FILES__STORAGE	Storage Provider Selection	amazon
PWP__FILES__S3__ENDPOINT	Spaces endpoint URL	https://nyc3.digitaloceanspaces.com
PWP__FILES__S3__ACCESS_KEY_ID	Spaces Access Key	DO_SPACES_KEY
PWP__FILES__S3__SECRET_ACCESS_KEY	Spaces Secret Key	DO_SPACES_SECRET
PWP__FILES__S3__REGION	Spaces region	nyc3
PWP__FILES__S3__BUCKET	The Space name	my-pwpush-files

CORS Configuration for Spaces

Add the following CORS configuration to your Space using the Digital Ocean API or web interface:

{
  "CORSRules": [
    {
      "AllowedHeaders": [
        "Content-Type",
        "Content-MD5",
        "Content-Disposition"
      ],
      "AllowedMethods": [
        "PUT"
      ],
      "AllowedOrigins": [
        "https://www.example.com"
      ],
      "MaxAgeSeconds": 3600
    }
  ]
}

Note: Make sure to:

1. Replace https://www.example.com with your actual domain
2. Create the Space before using it
3. Generate API keys with appropriate permissions in the Digital Ocean dashboard
4. Use the correct region endpoint (e.g., nyc3, ams3, sgp1, etc.)

Google Cloud Storage

To configure the application to store files in Google Cloud Storage, you have to:

1. set the required environment variables detailed below (or the equivalent values in settings.yml)
2. apply a CORS configuration (see next section)

Environment Variable	Description	Value(s)
PWP__FILES__STORAGE	Storage Provider Selection	google
PWP__FILES__GCS__PROJECT	GCS Project	None
PWP__FILES__GCS__CREDENTIALS	GCS Credentials	None
PWP__FILES__GCS__BUCKET	The GCS bucket name	None

CORS Configuration

The application performs direct uploads from the browser to Google Cloud Storage. This provides better performance and reduces load on the application itself.

For this to work, you have to add a CORS configuration.

This direct upload functionality is done using a library called ActiveStorage. For the full documentation on configuring CORS for ActiveStorage, see here.

[
  {
    "origin": ["https://www.example.com"],
    "method": ["PUT"],
    "responseHeader": ["Content-Type", "Content-MD5", "Content-Disposition"],
    "maxAgeSeconds": 3600
  }
]

Linode Object Storage

Linode Object Storage is an S3-compatible object storage service. To configure Password Pusher to use Linode Object Storage:

1. set the required environment variables detailed below (or the equivalent values in settings.yml)
2. apply a CORS configuration to your bucket (see below)

Environment Variable	Description	Example Value
PWP__FILES__STORAGE	Storage Provider Selection	amazon
PWP__FILES__S3__ENDPOINT	Linode endpoint URL	https://us-east-1.linodeobjects.com
PWP__FILES__S3__ACCESS_KEY_ID	Linode Access Key	linode_access_key
PWP__FILES__S3__SECRET_ACCESS_KEY	Linode Secret Key	linode_secret_key
PWP__FILES__S3__REGION	Linode region	us-east-1
PWP__FILES__S3__BUCKET	The bucket name	my-pwpush-files

CORS Configuration for Linode Object Storage

Add the following CORS configuration to your bucket using the Linode Cloud Manager:

{
  "CORSRules": [
    {
      "AllowedHeaders": [
        "Content-Type",
        "Content-MD5",
        "Content-Disposition"
      ],
      "AllowedMethods": [
        "PUT"
      ],
      "AllowedOrigins": [
        "https://www.example.com"
      ],
      "MaxAgeSeconds": 3600
    }
  ]
}

Note: Make sure to:

1. Replace https://www.example.com with your actual domain
2. Create the bucket before using it
3. Generate access keys in the Linode Cloud Manager
4. Use the correct endpoint for your bucket’s region (e.g., us-east-1, eu-central-1, ap-south-1)

Local Disk

PWP__FILES__STORAGE=local

The default location for local storage is ./storage.

If using containers and you prefer local storage, you can add a volume mount to the container at the path /opt/PasswordPusher/storage:

docker run -d -p "5100:5100" -v /var/lib/pwpush/files:/opt/PasswordPusher/storage pglombardo/pwpush:latest

Note: Please make sure that the directory is writeable by the docker container.

Note: A CORS configuration is not required for local storage.

MinIO

MinIO is an open source, S3-compatible object storage server that can be self-hosted. To configure Password Pusher to use MinIO:

1. set the required environment variables detailed below (or the equivalent values in settings.yml)
2. apply a CORS configuration to your MinIO server (see below)

Environment Variable	Description	Example Value
PWP__FILES__STORAGE	Storage Provider Selection	minio
PWP__FILES__S3__ENDPOINT	MinIO server URL	http://minio:9000
PWP__FILES__S3__ACCESS_KEY_ID	MinIO Access Key	minioadmin
PWP__FILES__S3__SECRET_ACCESS_KEY	MinIO Secret Key	minioadmin
PWP__FILES__S3__REGION	Region (can be any value)	us-east-1
PWP__FILES__S3__BUCKET	The MinIO bucket name	pwpush-files

CORS Configuration for MinIO

Add the following CORS configuration to your MinIO server using the MinIO client (mc):

{
  "CORSRules": [
    {
      "AllowedHeaders": [
        "Content-Type",
        "Content-MD5",
        "Content-Disposition"
      ],
      "AllowedMethods": [
        "PUT"
      ],
      "AllowedOrigins": [
        "https://www.example.com"
      ],
      "MaxAgeSeconds": 3600
    }
  ]
}

You can apply this configuration using the MinIO client:

mc admin config set myminio cors <<EOF
{
  "CORSRules": [
    {
      "AllowedHeaders": ["Content-Type", "Content-MD5", "Content-Disposition"],
      "AllowedMethods": ["PUT"],
      "AllowedOrigins": ["https://www.example.com"],
      "MaxAgeSeconds": 3600
    }
  ]
}
EOF

Note: Make sure to:

1. Replace https://www.example.com with your actual domain
2. Create the bucket before using it: mc mb myminio/pwpush-files
3. Ensure MinIO is accessible from your Password Pusher instance

Wasabi

Wasabi is an S3-compatible object storage service often used as a cost-effective alternative to Amazon S3. To configure Password Pusher to use Wasabi:

1. set the required environment variables detailed below (or the equivalent values in settings.yml)
2. apply a CORS configuration to your bucket (see below)

Environment Variable	Description	Example Value
PWP__FILES__STORAGE	Storage Provider Selection	amazon
PWP__FILES__S3__ENDPOINT	Wasabi endpoint URL	https://s3.us-east-1.wasabisys.com
PWP__FILES__S3__ACCESS_KEY_ID	Wasabi Access Key	wasabi_access_key
PWP__FILES__S3__SECRET_ACCESS_KEY	Wasabi Secret Key	wasabi_secret_key
PWP__FILES__S3__REGION	Wasabi region	us-east-1
PWP__FILES__S3__BUCKET	The Wasabi bucket name	my-pwpush-files

CORS Configuration for Wasabi

Add the following CORS configuration to your bucket using the Wasabi console:

{
  "CORSRules": [
    {
      "AllowedHeaders": [
        "Content-Type",
        "Content-MD5",
        "Content-Disposition"
      ],
      "AllowedMethods": [
        "PUT"
      ],
      "AllowedOrigins": [
        "https://www.example.com"
      ],
      "MaxAgeSeconds": 3600
    }
  ]
}

Note: Make sure to:

1. Replace https://www.example.com with your actual domain
2. Create the bucket before using it
3. Generate access keys in the Wasabi console
4. Use the correct endpoint for your bucket’s region

QR Pushes

The following settings control how QR code pushes expire and can be accessed. Configure default values, limits, and optional features like manual deletion and retrieval steps.

The following environment variables are used to configure Push Expiration settings:

Environment Variable	Description	Default Value
PWP__ENABLE_QR_PUSHES	On/Off switch for QR pushes.	false
PWP__QR__EXPIRE_AFTER_DAYS_DEFAULT	Controls the “Expire After Days” default value in newly created QR pushes.	7
PWP__QR__EXPIRE_AFTER_DAYS_MIN	Controls the “Expire After Days” minimum value in newly created QR pushes.	1
PWP__QR__EXPIRE_AFTER_DAYS_MAX	Controls the “Expire After Days” maximum value in newly created QR pushes.	90
PWP__QR__EXPIRE_AFTER_VIEWS_DEFAULT	Controls the “Expire After Views” default value in newly created QR pushes.	5
PWP__QR__EXPIRE_AFTER_VIEWS_MIN	Controls the “Expire After Views” minimum value in newly created QR pushes.	1
PWP__QR__EXPIRE_AFTER_VIEWS_MAX	Controls the “Expire After Views” maximum value in newly created QR pushes.	100
PWP__QR__ENABLE_DELETABLE_PUSHES	Can QR pushes be deleted by viewers? When true, QR pushes will have a link to optionally delete the push being viewed	false
PWP__QR__DELETABLE_PUSHES_DEFAULT	When the above is true, this sets the default value for the option.	true
PWP__QR__ENABLE_RETRIEVAL_STEP	When true, adds an option to have a preliminary step to retrieve QR codes.	true
PWP__QR__RETRIEVAL_STEP_DEFAULT	Sets the default value for the retrieval step for newly created QR pushes.	false

Note: Remember that instead of environment variables, which can get hard to maintain, Password Pusher also supports configuration by YAML file.

URL Pushes

Similar to file & QR pushes, URL pushes also require logins to be enabled.

Environment Variable	Description	Default Value
PWP__ENABLE_URL_PUSHES	On/Off switch for URL Pushes.	false
PWP__URL__EXPIRE_AFTER_DAYS_DEFAULT	Controls the “Expire After Days” default value in newly created URL pushes.	7
PWP__URL__EXPIRE_AFTER_DAYS_MIN	Controls the “Expire After Days” minimum value in newly created URL pushes.	1
PWP__URL__EXPIRE_AFTER_DAYS_MAX	Controls the “Expire After Days” maximum value in newly created URL pushes.	90
PWP__URL__EXPIRE_AFTER_VIEWS_DEFAULT	Controls the “Expire After Views” default value in newly created URL pushes.	5
PWP__URL__EXPIRE_AFTER_VIEWS_MIN	Controls the “Expire After Views” minimum value in newly created URL pushes.	1
PWP__URL__EXPIRE_AFTER_VIEWS_MAX	Controls the “Expire After Views” maximum value in newly created URL pushes.	100
PWP__URL__ENABLE_RETRIEVAL_STEP	When true, adds an option to have a preliminary step before being redirected to the payload URL.	true
PWP__URL__RETRIEVAL_STEP_DEFAULT	Sets the default value for the retrieval step for newly created URL pushes.	false

Note: Remember that instead of environment variables, which can get hard to maintain, Password Pusher also supports configuration by YAML file.

Password Generator

The Password Pusher password generator is a tool for creating strong, unique, and memorable passwords. This generator allows you to customize the password generation process through a set of environment variables, providing you with complete control over the output.

The following environment variables can be used to customize the password generation process:

Environment Variable	Description	Default Value
PWP__GEN__HAS_NUMBERS	Controls whether generated passwords have numbers	true
PWP__GEN__TITLE_CASED	Controls whether generated passwords will be title cased	true
PWP__GEN__USE_SEPARATORS	Controls whether generated passwords will use separators between syllables	true
PWP__GEN__CONSONANTS	The list of consonants to generate from	bcdfghklmnprstvz
PWP__GEN__VOWELS	The list of vowels to generate from	aeiouy
PWP__GEN__SEPARATORS	If use_separators is enabled above, the list of separators to use (randomly)	-_=
PWP__GEN__MAX_SYLLABLE_LENGTH	The maximum length of each syllable that a generated password can have	3
PWP__GEN__MIN_SYLLABLE_LENGTH	The minimum length of each syllable that a generated password can have	1
PWP__GEN__SYLLABLES_COUNT	The exact number of syllables that a generated password will have	3

By adjusting these environment variables, you can fine-tune the password generation process to suit your specific needs. For example, you can choose to exclude numbers, use a specific set of consonants and vowels, or control the length and number of syllables in the generated password.

Analytics

Password Pusher supports some analytics providers out of the box.

Plausible

Environment Variable	Description
PLAUSIBLE_DOMAIN	Set to the domain in your plausible account.

Google Analytics

Environment Variable	Description
GA_ENABLE	The existence of this variable will enable the Google Analytics for the application.
GA_ACCOUNT	The Google Analytics account id. E.g. UA-XXXXXXXX-X
GA_DOMAIN	The domain where the application is hosted. E.g. pwpush.com

Throttling

Throttling enforces a minimum time interval between subsequent HTTP requests from a particular client, as well as by defining a maximum number of allowed HTTP requests per a given time period (per second, minute, hourly, or daily).

Environment Variable	Description	Default Value
PWP__THROTTLING__MINUTE	The maximum number of allowed HTTP requests per minute	120
PWP__THROTTLING__SECOND	The maximum number of allowed HTTP requests per second	60

Logging

Environment Variable	Description
PWP__LOG_LEVEL	Set the logging level for the application. Valid values are: debug, info, warn, error and fatal. Note: lowercase.
PWP__LOG_TO_STDOUT	Set to ‘true’ to have log output sent to STDOUT instead of log files. Default: false

Forcing SSL Links

Warning: This is a legacy setting and is no longer suggested for use. If using a proxy, make sure to have your proxy forward the X-Forwarded-Host, X-Forwarded-Port and X-Forwarded-Proto HTTP headers. See the “Proxies” section for more information and instructions.

Environment Variable	Description
FORCE_SSL	(Deprecated) The existence of this variable will set config.force_ssl to true and generate HTTPS based secret URLs