Security Tool

Generate Encryption Key

This page generates a new master key for the Password Pusher application.

Why Use a Custom Key?

Password Pusher encrypts sensitive data in the database. Although there is a default key included, it's best practice to use your own custom encryption key.

With each refresh, this page generates a new encryption key. You can use the randomly generated code below to configure your Password Pusher instance.

Generated Key

Refresh the page to generate a new key

Raw Key

Environment Variable

You can apply this key to your application by setting the environment variable PWPUSH_MASTER_KEY.

Reload this page to re-generate a new key.

Important Notes

If an encryption key isn't provided, a default key will be used.

The best security for private instances of Password Pusher is to use your own custom encryption key although it is not required.

The risk in using the default key is lessened if you keep your instance secure and your push expirations short. e.g. 1 day/1 view versus 100 days/100 views.

Once a push expires, all encrypted data in that push is deleted.

Changing an encryption key where old pushes already exist will make those older pushes unreadable. In other words, the payloads will be garbled. New pushes going forward will work fine.

Command Line Generation

Key generation can also be done from the command line in the application source by executing:

# Navigate to the application directory

cd /opt/PasswordPusher

# Open the Rails console

bin/pwpush console

# Generate a new key

Lockbox.generate_key