Password Pusher

Open-source ephemeral secret sharing, honestly reviewed. No marketing fluff, just what you get when you stop emailing passwords in plaintext.

TL;DR

• What it is: Open-source (Apache 2.0) web app for sharing passwords, text, files, and URLs via self-destructing links that expire after a set number of views or time period [4][5].
• Who it’s for: IT teams, sysadmins, small business owners, and anyone who currently shares credentials via email, Slack, or SMS and knows it’s wrong but hasn’t found a cleaner fix [1][5].
• Cost savings: The open-source edition is free to self-host. A VPS to run it costs $5–10/month. The hosted service at pwpush.com has a free tier for basic use. Either way, you eliminate the risk cost of credential leaks traveling through third-party servers.
• Key strength: It does one thing and does it well. Push a secret, get a link, the link dies after N views or N days. Fourteen years in production, millions of secrets delivered, actively maintained [4][5].
• Key weakness: The interesting features — file sharing, secure requests, custom domains, team collaboration — are gated behind the hosted paid tiers or a self-hosted Pro license. The free OSS edition covers text and URL pushes but not file sharing [3].

---

What is Password Pusher

Password Pusher is a web app that solves a specific, painful problem: how do you hand someone a password without sending it in a format that lives forever in email threads, chat logs, or someone’s screenshots?

The answer is a one-time link. You paste a password (or file, or URL, or any text) into Password Pusher, set expiry controls, and it generates a link. You send the link — not the password — to the recipient. They open it, see the secret, and the link is invalidated after the configured number of views or days, whichever comes first. No plaintext secrets sitting in inboxes [1][5].

The project has been running since 2011 — over 14 years — originally built and maintained by a single developer (pglombardo) and now supported by the team at Apnotic [4][5]. It sits at 2,905 GitHub stars, which is modest compared to flashier tools, but reflects a narrow, focused audience rather than a popularity problem. The Docker image has accumulated enough pulls to suggest real production use at scale. The Apache 2.0 license means you can self-host, fork, and embed it without any legal friction.

There are two ways to use it: the hosted service at pwpush.com (free tier available, paid tiers for more features) or a self-hosted instance via Docker. Most of the third-party coverage focuses on the self-hosted path, which is the version this review covers.

---

Why people choose it

The use case is narrow and the problem is real. Every IT team, agency, and small business has a version of this moment: a new hire needs credentials, a client needs an API key, a contractor needs a database password. The path of least resistance is Slack or email. Everyone knows it’s wrong. Nobody has a better option ready to go.

Password Pusher is that better option, and the reviews that exist for it share a consistent reaction: it’s simple, it works, and the self-destruction mechanic provides enough reassurance to change behavior [1][5].

The GIGAZINE walkthrough [1] — which goes through the tool step-by-step — highlights a genuinely useful edge case: messaging apps like iMessage will pre-fetch URLs to generate link previews, which consumes one of your view counts before the recipient even sees the link. Password Pusher’s optional “one-click acquisition step” — an interstitial page before the actual secret — prevents this by requiring a human click to trigger the view count. That kind of detail signals the project has been maintained by someone who’s actually used it in production.

The noted.lol review [5] positions it alongside tools like Bitwarden Send and OneTimeSecret, noting it’s been around for a decade and “actively maintained by a passionate open source community.” The practical framing: if you have a remote job with heavy communication or a technical team regularly onboarding people, this fills a real gap.

What it’s not: a password manager. It doesn’t store credentials long-term, doesn’t have browser extensions, doesn’t replace 1Password or Bitwarden for vault management. It’s specifically for the moment of transmission — getting a secret from point A to point B without it persisting in the middle [4][5].

---

Features

Core push types:

• Password and text pushes — encrypted at rest, auto-expire by views and/or time [4][5]
• URL pushes — send a one-time link to a URL
• File sharing — available on Hosted Premium/Pro and Self-Hosted Pro tiers; not in OSS edition [3]
• Secure requests — one-time upload links where you ask someone to send you a secret (Premium/Pro only) [3]

Security controls:

• AES-GCM encryption at rest; data is deleted entirely once expired, not just flagged [README]
• Expiry by view count, time duration, or both — configurable per push [1]
• Optional passphrase lockdown — recipients must enter a password to view the secret [1]
• “One-click acquisition step” interstitial — prevents link-preview bots from consuming view counts [1]
• “Allow immediate deletion” checkbox lets recipients nuke the link themselves after retrieval [1]
• Two-factor authentication (TOTP) for user accounts [README]

Audit and administration:

• Full audit logs — who created what, who viewed it, when, from where [README][5]
• Admin dashboard for instance management [3][5]
• User logins and invite system for team tracking [5]

Self-hosting and customization:

• Docker Compose with automatic TLS via Let’s Encrypt — set TLS_DOMAIN and it handles cert provisioning [3]
• SQLite (default) or PostgreSQL backend [3]
• Ephemeral mode — stateless instance with no persistent database, useful for temporary deployments [3][4]
• Public gateway image — separate container exposing only the secret delivery side, not the push creation side, for extra segmentation [3]
• White-labeling via environment variables: custom logo, site name, tagline [4][5]
• 26 Bootswatch themes, light/dark system-preference following, custom CSS support [README][5]
• 31 language translations [README]

API and integrations:

• JSON REST API for scripted access via curl, wget, or custom tooling [4][5]
• CLI tooling documented in the official docs [3][5]
• Third-party integrations listed in the documentation [README]

---

Pricing: SaaS vs self-hosted math

OSS self-hosted:

• Software: $0 (Apache 2.0)
• VPS: $5–10/month (Hetzner, Contabo, DigitalOcean)
• Features available: text pushes, URL pushes, audit logs, API, white-labeling, admin dashboard, user logins

Hosted at pwpush.com:

• Free tier: basic password/text/URL pushes
• Hosted Premium: adds file sharing (up to 4GB), secure requests, enhanced branding, advanced audit logging — pricing listed on their site as “See Subscription Pricing” (exact figures not published in available sources)
• Hosted Pro: adds team collaboration, custom domains, team-wide security policies, priority support
• Self-Hosted Pro: all Pro features plus self-hosted deployment, SSO integration (Google, Microsoft Entra ID, Okta), flexible storage (S3, Azure Blob), commercial license [3]

The honest assessment: if you only need text and password sharing for a small team, the OSS self-hosted edition covers everything you need and costs nothing beyond the VPS. If you need file sharing or secure requests — the “I need someone to send me a secret” flow — you’re looking at a paid tier. Pricing for those tiers isn’t publicly listed in the docs; you’d need to check pwpush.com directly.

What are you avoiding? The alternative most teams default to — emailing passwords or sharing via Slack — is $0 but creates liability. One credential leak from a breached email account or a Slack export can cost far more than any subscription. That’s not a measurable line item, but it’s the actual business case.

---

Deployment reality check

This is where Password Pusher earns its longevity. The install path is genuinely simple [3]:

1. Set a DNS record pointing to your server
2. Download or clone the docker-compose.yml
3. Set TLS_DOMAIN in the compose file
4. Run docker compose up -d
5. Navigate to your domain — Let’s Encrypt certificate is provisioned automatically

That’s it. The official docs [3] are clear that if you skip TLS_DOMAIN, it runs on HTTP at port 5100, which is fine for testing or when you’re terminating TLS upstream.

For a quick test with no persistence:

docker run -d -p "5100:5100" pglombardo/pwpush-ephemeral:release

Then hit http://localhost:5100. No database required, no configuration, nothing persists on restart [4][5].

What you actually need for a production instance:

• A Linux VPS (1GB RAM is likely sufficient for small teams; 2GB is comfortable)
• Docker and docker-compose
• A domain name
• No SMTP required unless you want email notifications

Image tags worth knowing [3]:

• stable — recommended for production; tested and validated
• latest — most recent release, may include newer features
• nightly — development builds; not for production

What can go wrong:

• The public gateway image [3] is a nice security segmentation option (expose delivery without exposing the push creation interface) but requires running two containers and understanding the split — not a complexity most small teams need.
• PostgreSQL is the recommended production database for teams needing durability, but SQLite in a Docker volume covers most self-hosted use cases without the operational overhead.
• The libre self-hosted listing [4] shows an older version with the GPL-3.0 license noted — the current repository is Apache 2.0 [README]. If you’re checking old cached pages, verify against the GitHub repo directly.

Realistic time estimate for someone who has deployed a Docker container before: 15–30 minutes to a running HTTPS instance. For a complete first-timer: 1–2 hours including DNS propagation wait.

---

Pros and Cons

Pros

• 14 years in production. Not a weekend project. Millions of secrets delivered, actively maintained, with a documented upgrade path (v2.0 migration guide exists) [4][5].
• Apache 2.0 license. No usage restrictions, no commercial licensing headaches for embedding it in your own product or deploying for clients [README].
• Dead simple to deploy. One docker-compose file, automatic TLS, no complex dependencies [3].
• Ephemeral mode. Run a stateless instance for conferences, meetups, or temporary use cases — no database, no persistence, just push and forget [3][4].
• Genuinely secure defaults. AES-GCM encryption, data deleted entirely on expiry (not soft-deleted), optional passphrase, view-count protection against link-preview bots [1][README].
• Unbranded delivery page. Recipients see the secret, not your branding, ads, or signup calls. Clean handoff [4][5].
• API + CLI. Scriptable from day one — you can automate password distribution in CI/CD pipelines or provisioning scripts [4][5].
• White-label ready. Custom logo, themes, CSS — you can deploy this under your own brand for clients [5][README].
• 31 languages. If your team is international, the UI and secret delivery pages handle it [README].

Cons

• File sharing is paywalled. The OSS edition handles text, passwords, and URLs. If you need to securely transmit files (SSH keys, certificates, config files), you need a paid hosted tier or a Self-Hosted Pro license [3]. This is a real limitation for teams whose workflow involves file handoff.
• Secure requests are paid-only. The “ask someone to send me a secret” flow — useful for onboarding where you need contractors to submit credentials — is Premium/Pro only [3].
• Team features require Pro. Custom domains, SSO, team-wide security policies, and collaboration features are not in the OSS edition [3].
• Modest GitHub star count (2,905). Not a sign of a bad tool — the use case is narrow — but it means a smaller community, fewer third-party integrations, and less Stack Overflow coverage than broader projects.
• Pricing opacity. The hosted paid tiers don’t publish pricing in the documentation — you’re sent to “See Subscription Pricing” without numbers [3]. Annoying when comparing options.
• Not a password manager. If someone wants a tool that also stores and manages credentials long-term, this isn’t it. It’s transmission-only.

---

Who should use this / who shouldn’t

Use Password Pusher if:

• Your team currently shares credentials via email, Slack, or SMS and you want to stop without adding significant friction.
• You need a self-hosted, auditable secret-sharing flow that you control entirely.
• You want to deploy this for clients or embed it in your own product under your branding (Apache 2.0 allows it).
• Your use case is text and passwords — the OSS edition covers this completely for free.
• You want something running in under 30 minutes with automatic TLS.

Skip it if:

• You need file transfer as part of the secret-sharing flow and can’t pay for a hosted tier or Pro license — look at Bitwarden Send (which includes file sharing in its free tier).
• You need a full password vault with browser extensions, autofill, and long-term credential storage — this is not that tool; use Bitwarden or Vaultwarden.
• Your compliance team requires SOC 2 or similar certifications for a self-hosted tool — the hosted Pro tier may cover this but verify directly.

---

Alternatives worth considering

• Bitwarden Send — Bitwarden’s built-in secret-sharing feature. Handles text and files, free tier includes file sharing up to 500MB, and it’s part of an ecosystem that also covers vault management. If your team already uses Bitwarden, Send is the zero-friction choice.
• OneTimeSecret — the older, simpler equivalent. Text-only, no file sharing, minimal setup. Open source (MIT) and deployable. Less featured than Password Pusher but even simpler.
• Snappass — Pinterest’s open-source secret-sharing tool, Redis-backed. Similar concept, more minimal, less actively maintained.
• Vault (HashiCorp) — overkill for small teams, but if you’re already running infrastructure with secrets management at scale, Vault’s cubbyhole or response-wrapping features handle this use case at the infrastructure level.
• Privatebin — technically a pastebin tool with optional encryption, not purpose-built for password sharing, but used for similar one-time text sharing use cases.

For most non-technical teams making this decision: Password Pusher vs Bitwarden Send is the real choice. If you need file sharing for free, Bitwarden Send wins. If you want a standalone self-hosted tool with better audit logging and white-labeling, Password Pusher wins.

---

Bottom line

Password Pusher is one of those tools that does exactly what it says, has done it for 14 years, and doesn’t try to become something else. The problem it solves — getting a secret from one person to another without leaving a permanent trail in email or chat — is real, constant, and underserved by the “just use 1Password” answer that doesn’t help when you’re sharing credentials with someone outside your vault. The OSS edition self-hosts in 30 minutes, costs nothing beyond the VPS, and covers the core use case completely. The limitations are real: file sharing and team features require paid tiers, and the hosted pricing isn’t transparent. But for a sysadmin or IT team that wants to permanently end the “can you just email me the password” conversation, the math is simple.

---

Sources

1. GIGAZINE — “Review of Password Pusher, a web app that allows you to quickly issue password sharing URLs” (Jan 29, 2024). https://gigazine.net/gsc_news/en/20240129-password-pusher/
2. SourceForge — “Password Pusher Reviews in 2026”. https://sourceforge.net/software/product/Password-Pusher/
3. Password Pusher Documentation — “OSS Self-Hosted Installation”. https://docs.pwpush.com/docs/installation/
4. Libre Self-Hosted — “Password Pusher project listing”. https://libreselfhosted.com/project/password-pusher/
5. noted.lol — “Password Pusher: The Easy and Safe Way to Share Passwords, Files and URLs”. https://noted.lol/password-pusher/

Primary sources:

• GitHub repository and README: https://github.com/pglombardo/passwordpusher (2,905 stars, Apache 2.0 license)
• Official documentation: https://docs.pwpush.com
• Editions overview: https://docs.pwpush.com/docs/editions/
• Hosted service: https://pwpush.com