{ "name": "PasswordPusher", "description": "Share passwords, text, files, URLs, and QR payloads via secret links that expire by views and/or time. Encrypted storage, optional passphrase, audit logging, and JSON API.", "website": "https://pwpush.com", "repository": "https://github.com/pglombardo/PasswordPusher", "logo": "https://pwpush.fra1.cdn.digitaloceanspaces.com/branding/logos/horizontal-logo-small.png", "keywords": [ "password", "security", "expire", "file-sharing", "url-sharing", "qr-code", "rails" ], "success_url": "/", "stack": "heroku-24", "buildpacks": [ { "url": "heroku/ruby" } ], "formation": { "web": { "quantity": 1, "size": "basic" } }, "addons": [ { "plan": "heroku-postgresql", "as": "DATABASE" } ], "scripts": { "postdeploy": "bundle exec rails db:prepare" }, "env": { "BUNDLE_WITHOUT": { "description": "Bundler groups to exclude from production bundle.", "value": "development:test" }, "RAILS_LOG_TO_STDOUT": { "description": "Log to stdout for Heroku log drain.", "value": "true" }, "RAILS_SERVE_STATIC_FILES": { "description": "Serve static assets from Rails when no CDN is in front.", "value": "true" }, "SECRET_KEY_BASE": { "description": "Rails secret key base. Generate: rails secret", "generator": "secret" }, "PWPUSH_MASTER_KEY": { "description": "Lockbox encryption key for payloads. Generate: rails runner 'puts Lockbox.generate_key'", "generator": "secret" }, "WEB_CONCURRENCY": { "description": "Puma worker processes (memory vs throughput tradeoff).", "value": "2" }, "PWP__HOST_DOMAIN": { "description": "Public hostname without scheme (e.g. myapp.herokuapp.com). Required for correct secret URLs.", "required": false }, "PWP__HOST_PROTOCOL": { "description": "https recommended in production.", "value": "https" }, "PWP__OVERRIDE_BASE_URL": { "description": "Full base URL if app is behind a proxy or custom domain (e.g. https://secrets.example.com).", "required": false }, "PWP__ALLOWED_HOSTS": { "description": "Space-separated hostnames Rails should accept (Host header). Set to your Heroku hostname and custom domains.", "required": false }, "PWP__FILES__STORAGE": { "description": "File push backend: local (ephemeral on Heroku) or s3. Use s3 for durable file pushes; see docs for PWP__FILES__S3__* vars.", "value": "local" }, "PWP__ALLOW_ANONYMOUS": { "description": "Allow creating pushes without signing in.", "value": "true" }, "PWP__DISABLE_SIGNUPS": { "description": "Hide Sign Up and block new registrations via UI.", "value": "false" }, "PWP__DISABLE_LOGINS": { "description": "Hide Log In; sign_in returns 404. Use with allow_anonymous true for anonymous-only. Do not combine with allow_anonymous false.", "value": "false" }, "PWP__REQUIRE_MFA": { "description": "Require TOTP MFA for all signed-in users. Users without MFA are redirected to setup.", "value": "false" }, "PWP__ENABLE_USER_ACCOUNT_EMAILS": { "description": "Devise mail (confirm/reset). Requires SMTP; set PWP__MAIL__SMTP_* when true.", "value": "false" }, "PWP__MAIL__SMTP_ADDRESS": { "description": "SMTP host when account emails are enabled.", "required": false }, "PWP__ENABLE_FILE_PUSHES": { "description": "File pushes require a signed-in user unless disable_logins hides the feature.", "value": "true" }, "PWP__ENABLE_URL_PUSHES": { "description": "URL push kind.", "value": "true" }, "PWP__ENABLE_QR_PUSHES": { "description": "QR push kind.", "value": "true" }, "PWP__THEME": { "description": "Bootswatch theme name. See https://docs.pwpush.com/docs/themes/", "value": "default" } }, "environments": { "review": { "formation": { "web": { "quantity": 1, "size": "basic" } } } } }