Configuring Text Based Pushes
The Push Expiration settings control the behavior of push expiration in your application. These settings are used to configure the default values and limits for expiration, as well as enable or disable features related to push deletion and retrieval.
Environment Variables
The following environment variables are used to configure Push Expiration settings:
| Environment Variable | Description | Default Value |
|---|---|---|
| PWP__PW__EXPIRE_AFTER_DAYS_DEFAULT | Controls the “Expire After Days” default value in Password#new | 7 |
| PWP__PW__EXPIRE_AFTER_DAYS_MIN | Controls the “Expire After Days” minimum value in Password#new | 1 |
| PWP__PW__EXPIRE_AFTER_DAYS_MAX | Controls the “Expire After Days” maximum value in Password#new | 90 |
| PWP__PW__EXPIRE_AFTER_VIEWS_DEFAULT | Controls the “Expire After Views” default value in Password#new | 5 |
| PWP__PW__EXPIRE_AFTER_VIEWS_MIN | Controls the “Expire After Views” minimum value in Password#new | 1 |
| PWP__PW__EXPIRE_AFTER_VIEWS_MAX | Controls the “Expire After Views” maximum value in Password#new | 100 |
| PWP__PW__ENABLE_DELETABLE_PUSHES | Can passwords be deleted by viewers? When true, passwords will have a link to optionally delete the password being viewed | false |
| PWP__PW__DELETABLE_PUSHES_DEFAULT | When the above is true, this sets the default value for the option. |
true |
| PWP__PW__ENABLE_RETRIEVAL_STEP | When true, adds an option to have a preliminary step to retrieve passwords. |
true |
| PWP__PW__RETRIEVAL_STEP_DEFAULT | Sets the default value for the retrieval step for newly created passwords. | false |
| PWP__PW__ENABLE_BLUR | Enables or disables the ‘blur’ effect when showing a push payload to the user. | true |
Note: Remember that instead of environment variables, which can get hard to maintain, Password Pusher also supports configuration by YAML file.
Tips & Best Practices
The best defense in terms of information security are:
- Compartmentalization: Send usernames, passwords and login locations in separate pushes.
- Minimize Exposure: Use short expiration values and allow users to delete retrieved pushes.
Note: All content and files of the push are deleted entirely on expiration.
Note: An audit log of activity is kept and available indefinitely for logged in users.