Password Pusher (pwpush.com) is a popular open-source tool for sharing expiring credentials. Secure Share takes a different approach with true zero-knowledge encryption. Here's how they compare.
| Feature | Secure Share | Password Pusher | Notes |
|---|---|---|---|
| Client-Side Encryption | — | Secure Share encrypts in-browser; Password Pusher encrypts server-side | |
| AES-256-GCM | — | Password Pusher uses server-side symmetric encryption | |
| Zero-Knowledge Architecture | — | Secure Share server cannot decrypt data; PP server can | |
| Passphrase Protection | Both support optional passphrase-locking | ||
| Configurable TTL | Secure Share: 30m–7d. PP: 1 day–90 days | ||
| View Limit (Burn After N Views) | Secure Share: 1 view (strict). PP: configurable 1–100 views | ||
| Encrypted File Attachments | Secure Share: ≤5MB encrypted client-side. PP: file push on paid plans | ||
| Bot / Link Preview Protection | — | Secure Share blocks Slack/Teams/Discord bots from consuming the link | |
| No Account Required | Both allow anonymous usage | ||
| Generous Free Tier | — | PP free tier has limits; paid plans start at $6/mo. Secure Share has a generous free tier | |
| Open Source | PP is fully open source (Ruby on Rails); Secure Share publishes crypto source, schema, and threat model | ||
| Self-Hosted Option | — | PP can be self-hosted via Docker; Secure Share is SaaS only | |
| REST API | — | PP offers a full REST API for automation | |
| Multi-View Secrets | — | PP supports secrets viewable up to 100 times |
Secure Share encrypts your message and any attached files entirely in your browserusing AES-256-GCM via the Web Crypto API. The encryption key lives only in the URL's # fragment — a part of the URL that browsers never transmit to any server.
This means our server stores only ciphertext it cannot decrypt. Even if our entire database were compromised, attackers would get nothing but random bytes.
Password Pusher encrypts your secrets on the server before storing them. While the encryption is solid, the server does see your plaintext during the encryption process. This means the server operator (you, if self-hosted) could theoretically access secrets.
Self-hosting mitigates this risk — you control the server. But for the hosted version at pwpush.com, you're trusting their infrastructure.
Attach files up to 5 MB that are encrypted alongside your message in the browser. The file is base64-encoded and bundled into the encrypted payload — the server never sees the file contents. Available on every share, included in the free tier.
Password Pusher supports "File Pushes" on paid plans. Files are uploaded to the server and encrypted server-side. The free hosted tier has limitations on file attachments. Self-hosted deployments can configure their own limits.
Core features — passphrase protection, file attachments, configurable TTL, bot protection — are all available at no cost with no sign-up required.
The hosted version offers a free tier with basic features. Pro plans start at $6/month and add features like file pushes, custom domains, higher retrieval limits, and account dashboards. Self-hosting is free but requires your own infrastructure.
Don't take our word for it. Our encryption source code, database schema, and threat model are published on GitHub for anyone to audit. You can verify that the key never leaves your browser and that our server stores only ciphertext it cannot decrypt.
No sign-up required. Encrypted in your browser, not on a server.
Try Secure Share →