In 2011, I built something that took about a weekend.
A text input. Some encryption. A submit button. That was it. I pushed it to production, open-sourced the code, and went back to my day job. I didn’t think about it much after that.
But someone used it. And then someone else did. And then a few more.
“Go Ahead. Email Another Password.” That was the tagline. That was the whole pitch. The product was barely a product — it was a reaction to a problem that annoyed me. People were emailing passwords in plain text. So I built the smallest thing that could fix that.
Then a strange thing started happening.
See that flat line from 2012 to 2014? That’s three years of almost nothing. Then a slow curve upward. Not fast. Not in any way that would make a headline. Just — every month, a little more. More Docker pulls. More people I’d never heard of, at companies I’d never heard of, quietly using this thing I built on a weekend.
Year after year. I’d add a feature. Fix a bug. Add another feature. The backlog grew. Feature requests started waiting six months. Then a year. Then longer.
And at some point — I don’t remember the exact moment — but sometime in late 2023-2024 I had to make a decision.
Option one: keep the pace. Hobby project. A few features a year. Nothing wrong with that.
Option two: find a way to make this thing self-sufficient. Work on it properly. But on my terms.
I went with option two.
Now here’s the part where most founders say they raised a round. Pitched VCs. Built a deck. Got a term sheet.
I didn’t do any of that.
Instead, I built a feature pipeline. Premium features for subscribers, with those features rolling into the open-source version over time. Customers fund development. Development benefits everyone. No investors, no debt, no one to answer to except the people using the product.
That became Apnotic.
And today — fourteen years after that weekend — we have 345K monthly active users. 50M+ Docker downloads. Over 100 million secrets shared. 400 paying customers. Healthy recurring revenue. A team of two, an advisor, and fourteen years of work that I genuinely enjoy showing up to every day.
All from a text input. Some encryption. And a submit button.
]]>Security tools like Password Pusher ought to be available to your entire organization—always. They educate your team, build better security habits, and protect sensitive data. When security is the default, the whole organization benefits.
We know you have choices. There are alternatives and competitors.
Our main criticism of many of them isn’t features—it’s price. Some charge up to $30/user/month. Others charge per push and charge for API access. How can security become the default when adoption is that complicated and expensive? That kind of pricing shuts out smaller teams and orgs that need it most.
Apnotic is a small, dedicated team. We have open source roots, no venture funding, no debt, and we’re profitable. No outside investors or pressures—just a long history of building Password Pusher (since 2011) and a focus on making a sincere, honest, and secure product.
We believe these tools should be priced so that entire organizations can have access—not just the few who use them every day. That’s the position we’re coming from.
Self-Hosted Pricing
We priced Self-Hosted with one goal: let you roll the tool out to your entire organization without per-user sticker shock with all the features you need out of the box.
We don’t charge for every user. Each plan includes a base number of seats: Starter (5), Advanced (25), and Enterprise (50). Need more than the base? We charge for extra seats—but not at competitor rates. Additional seats start at $1/user/month and go down on larger plans.
What’s more, we never limit pushes or requests, and API access is always included.
With Self-Hosted Password Pusher Pro, your data is yours. We even declare this in the EULA:
To be absolutely clear: Apnotic has no ability to access Your Data, and we never will. Your sensitive information, passwords, user content, and all other data stored within your self-hosted deployment remain completely private and inaccessible to Apnotic. We cannot see it, we do not want to see it, and we have designed the Software specifically to ensure that your data stays within your control at all times.
We hope you see the same value we do in this approach. As always, we’ll keep listening to the community and evolving. Password Pusher is what it is today because of the feedback, suggestions, and ideas you’ve shared over the years.
See Self-Hosted pricing at the links below. Where you purchase determines your customer data residency:
- US — us.pwpush.com
- EU — eu.pwpush.com (GDPR compliant)
Questions or feedback? Email me directly anytime: [email protected].
Need support? [email protected]
Peter Giacomo Lombardo
Founder & Principal, Apnotic · Creators of Password Pusher
]]>
A Single German IP
For over a year, a single IP from Germany has been generating 8,000–10,000 anonymous pushes daily on pwpush.com, far exceeding the activity of any other single IP. Initially, I wondered if this was spam or abuse, but it could also have been a legitimate automated use case—who’s to say? With no complaints or harm reported, I let it slide.
Then, a few weeks ago, this IP ramped up to 90,000–100,000 pushes per day, dwarfing all other activity.
More recently, it spiked to a staggering ~200,000 pushes daily, pushing our system to its limits. This surge began to impact the experience for other users, so I had to take action.
Here’s the story, along with some context about how Password Pusher handles push expiration and what we’ve done to keep the service running smoothly.
How Push Expiration Works
In Password Pusher, pushes (and their associated requests) are designed to expire automatically based on either a view limit or a duration limit. Once a limit is reached, the secret URL self-destructs, ensuring sensitive data doesn’t linger.
- View-Based Expiration: This is straightforward. When a push reaches its final allowed view, the application displays the payload and immediately deletes the push.
- Duration-Based Expiration: This requires periodic scans. Background jobs run at intervals to identify pushes that have exceeded their duration and trigger their deletion.
To ensure no expired pushes slip through, we re-verify expiration limits whenever a viewer requests a push. If the limits are exceeded, the push is deleted on the spot, and the viewer sees an expiration message. This approach guarantees that expiration rules are always enforced, even if a background job hasn’t yet processed a push.
The Impact of the Anonymous IP
As the IP’s activity surged to ~200,000 pushes per day, our background expiration jobs took longer to complete. This increased system load and began affecting other users’ experience. While I’d like to believe there was a valid use case behind this activity, the strain it placed on Password Pusher’s infrastructure was undeniable.
Of course I can scale out more workers and increase resources but this all has a financial cost. For the single anonymous source with unknown motives, this wasn’t an option.
So to address this, I made the tough decision to block the IP—a step I’ve rarely taken. I also optimized the performance of the background expiration job and tightened API throttling to better manage high-volume usage. These changes have helped stabilize the system and ensure a smoother experience for all users.
Looking Ahead
Password Pusher is an open-source project at its core, built by the team at Apnotic to serve the community.
We’re committed to providing anonymous access and supporting diverse use cases, but we also have to prioritize the availability and performance of the service for everyone.
A Message to the Owner of that IP
If you’re the user behind this IP and have a legitimate use case, please reach out! I’d be happy to discuss how we can support your needs without compromising the experience for others.
You can contact me directly, and we’ll work to find a solution.
Alternatively, if your use case involves high-volume pushes, you might consider self-hosting your own instance of Password Pusher to better suit your needs. Here’s how you can get started:
Run Your Own Ephemeral Instance
Set up a DNS record to point to your server (e.g., pwpush.example.com).
Run the following command:
docker run -d -p "80:80" -p "443:443" --env TLS_DOMAIN=pwpush.example.com pglombardo/pwpush:latest
Browse to https://pwpush.example.com.
Or Alternatively
Use one of our production-ready Docker Compose files with persistent databases for a more robust setup.
Thank you to our amazing community for your continued support. Password Pusher thrives because of you.
]]>
Background
Up to this point, I’ve been happily working on Password Pusher since it’s inception in 2011 in my free time and it’s been greatly rewarding.
But over the last few years, popularity has grown to such a point that, because of the large backlog of work to do, feature requests have had to wait sometimes a year or more before I can even get the point of implementing them.
Some of these requests are:
- Extended Branding: More logos & custom text on more pages
- SSO & LDAP
- More Password Generator Options
- Bulk push operations
- Automatic Emailing of Pushes
- Large (>4GB) file uploads
- and a lot more…
These would be great additions to the project but have been delayed over and over again just because of the sheer number of requests and limited time.
Which Direction Forward?
So what to do?
My options are that I can either:
- Option 1: maintain the current pace with recreational coding in my free time, adding a few big features each year
or
- Option 2: find a way to to accelerate this project, make it self-sufficient and start to add the features users are asking for now
…we are going with the second option.
Feature Pipeline
The feature pipeline is a set of premium and pro features over and beyond the open-source code base that is available through subscriptions.
As development progresses, many of these premium features will periodically be moved to the open-source code base.
Organizations that subscribe get immediate access to these premium features and support open-source development.
Going forward, some newly developed features may be premium at first only, others will go straight to open-source.
This model creates a “pipeline of features” that progress from premium to open-source. It will allow me to work far more on the project and really accelerate development.
Self-Hosted: What’s Changed?
Absolutely nothing has changed but do expect more features faster in the open-source version coming soon.
Note: A self-hosted version of the Premium/Pro features (Self-Hosted Pro) is now available. See Pro Self-Hosted and Self-Hosted Pricing.
pwpush.com: What’s Changed?
You get a ton of new features immediately (without a subscription).
And for those who want to subscribe, there are even more features aimed at professionals and teams. Read about them here.
But there is one feature that is now subscription limited that wasn’t previously: file uploads. Read on for more.
pwpush.com: File Uploads
For a long time, on pwpush.com, anyone could upload files and attach them to pushes. Essentially anonymous file uploads.
It started out well but lately there has been some hints of abuse and after thinking it through, I’ve realized that anonymous file uploads pose a real risk to myself and to the project.
I really tried to keep these free but unfortunately, the risk is too great and hence are now only available to subscribers.
This only affects users of pwpush.com. Those self-hosting the application are unaffected.
Note: To utilize file uploads, you can either subscribe or self-host Password Pusher which doesn’t have any limitations on file uploads.
My apologies on this one. I really tried to keep file uploads free but unfortunately it’s just not possible.
Editions
There are now three editions of Password Pusher:
- OSS: The open source version as always available in the Github repository
- Premium: A Premium edition on pwpush.com with file uploads, a personal policy & extensive branding
- Pro: A Pro edition for teams collaboration, custom domains & team policy enforcement
Where are these editions available? Here’s a table to illustrate:
| Edition | pwpush.com? | Can Self-Host? |
|---|---|---|
| OSS | ✅️️️ | ✅ |
| Premium | ✅️ | ✖️ |
| Pro | ✅️ | ✅ |
See the subscription pricing here.
Note: The Pro self-hosted option (Self-Hosted Pro) is now available. See Pro Self-Hosted and Self-Hosted Pricing.
How to Subscribe
Thank you for even considering to support the project. Pricing for the new subscriptions is here.
Summary
My hope is that the introduction of subscriptions and this new feature pipeline will allow me to build out Password Pusher to better secure you and your organizations and to to hopefully make your professional lives a little bit easier.
And ultimately, to have the open-source version as the eventual & final benefactor of new features.
Wrap Up
Thanks to the Password Pusher community for the trust, support & feedback over the years.
As always, if you have any questions, problems or feedback, feel free to contact me anytime: pglombardo at the pwpush.com domain or see the Support page for other methods.
See Also
]]>
This page explains and illustrates the new features introduced along with subscriptions and the new Feature Pipeline.
Note: These features are not yet available in the OSS edition. Read about the Feature Pipeline for more info.
For All Users
Two Factor Authentication
User accounts now include the option of enabling two-factor authentication. Make sure to download your backup codes.
Google & Microsoft Single Sign-On
Login with your Google and/or Microsoft account
Personal Policies
Set Push defaults, preferences, limits and even hide options entirely.
Multiple API Tokens
Create a Unique token for each tool that you connect with.
You can even revoke tokens now.
Multiple Workspaces
One for you, one for your day-time job and others for whatever your needs are.
Easy switch between workspaces without having to change your log in.
Set your timezone, preferred language and more.
Finally - show dates/times in your local timezone.
Premium
Premium & Pro subscribers get personalized branding and can attach files to pushes.
File Uploads
Add files to text pushes:
Or push only files:
Users receive branded pushes with files:
Logo Branding
Add a logo to your pushes.
1-Click Retrieval Step Branding
The 1-click retrieval step page can be customized to increase end-user confidence with a logo or custom text. You can even change the text of the “Click Here to Proceed” link if you wish.
Passphrase Page Branding
The passphrase page can be branded with custom text, links and a logo.
Delivery Page Branding
Customize the push delivery page according to your organization’s needs.
Expired Page Branding
Pro
Pro subscribers get everything above plus…
Custom Domain
Use your own custom domain on Pushes.
Invite the Team
Invite colleagues to collaborate and manage pushes
Team Roles
Decide who is admin and who is a member. Authorize others to set policy and to add/delete users.
Team Collaboration
View and manage all pushes created by your team
Team Policies
Enforce security policies on your team; hide or force options, set defaults
Summary
I hope you find the new features useful. As always, if you have any issues, questions or feedback, feel free to contact me anytime!
🤔 Still need something for you or your organization that you don’t see here? Let me know!
See Also
- Subscription Pricing
- Features Matrix
- Introducing the Feature Pipeline - Announcement Post