Generate an Encryption Key
This page is used as a helper tool to generate a random encryption key for self-hosted instances of Password Pusher.
Explanation
Password Pusher encrypts sensitive data in the database. Although there is a default key included, it's best practice to use your own custom encryption key.
With each refresh, this page generates a new encryption key. You can use the randomly generated code below to configure your Password Pusher instance.
Generated Encryption Key
You can apply this key to your application by setting the environment variable
PWPUSH_MASTER_KEY
.
Reload this page to re-generate a new key.
Notes:
- If an encryption key isn't provided, a default key will be used.
- The best security for private instances of Password Pusher is to use your own custom encryption key although it is not required.
- The risk in using the default key is lessened if you keep your instance secure and your push expirations short. e.g. 1 day/1 view versus 100 days/100 views.
- Once a push expires, all encrypted data in that push is deleted.
- Changing an encryption key where old pushes already exist will make those older pushes unreadable. In other words, the payloads will be garbled. New pushes going forward will work fine.
-
Key generation can also be done from the command line in the application source by executing:
Lockbox.generate_key
.> cd /opt/PasswordPusher > bin/rails c > Lockbox.generate_key