Skip to content
Klutch.sh Docs

Deploying a Password Pusher App

Introduction

Password Pusher is an open-source tool for securely sharing passwords and secrets with time- or view-based expiration. Deploying Password Pusher with a Dockerfile on Klutch.sh provides reproducible builds, managed secrets, and persistent storage for metadata—all configured from klutch.sh/app. This guide covers installation, repository prep, a production-ready Dockerfile, deployment steps, Nixpacks overrides, sample API usage, and production tips.

Prerequisites

  • A Klutch.sh account (sign up)
  • A GitHub repository containing your Password Pusher Dockerfile (GitHub is the only supported git source)
  • PostgreSQL or MySQL database (deploy as a Klutch.sh TCP app on port 8000; connect on native port)
  • Domain and TLS for secure access

For onboarding, see the Quick Start.

Architecture and ports

  • Password Pusher (Rails) serves HTTP on internal port 5100; choose HTTP traffic.
  • Persistent storage is optional for logs; secrets are stored in the database.

Repository layout

passwordpusher/
├── Dockerfile              # Must be at repo root for auto-detection
├── Gemfile
├── Gemfile.lock
├── config/                 # Rails config
└── public/                 # Assets

Keep secrets out of Git; store them in Klutch.sh environment variables.

Installation (local) and starter commands

Validate locally before pushing to GitHub:

Terminal window
bundle install --without development test
RAILS_ENV=production bundle exec rake assets:precompile
RAILS_ENV=production bundle exec rails db:migrate
RAILS_ENV=production rails server -b 0.0.0.0 -p 5100

Dockerfile for Password Pusher (production-ready)

Place this Dockerfile at the repo root; Klutch.sh auto-detects it (no Docker selection in the UI):

FROM ruby:3.2-alpine


ENV RAILS_ENV=production PORT=5100


WORKDIR /app


RUN apk add --no-cache build-base nodejs yarn postgresql-dev mariadb-connector-c-dev sqlite-dev tzdata git


COPY Gemfile Gemfile.lock ./
RUN bundle install --without development test --deployment --clean


COPY . .
RUN bundle exec rake assets:precompile


EXPOSE 5100
CMD ["sh", "-c", "bundle exec rake db:migrate && bundle exec rails server -b 0.0.0.0 -p ${PORT}"]

Notes:

  • Install the DB client that matches your database (Postgres or MySQL); keep the other if you need flexibility.
  • Adjust bundle install flags if you vendor Ruby gems differently.

Environment variables (Klutch.sh)

Set these in Klutch.sh before deploying:

  • PORT=5100
  • RAILS_ENV=production
  • SECRET_KEY_BASE=<secure-random>
  • Database (choose one):
    • PostgreSQL: DATABASE_URL=postgres://<user>:<password>@<host>:5432/<db>
    • MySQL: DATABASE_URL=mysql2://<user>:<password>@<host>:3306/<db>
  • HOSTNAME=https://example-app.klutch.sh
  • Optional mailer (for notifications): SMTP_ADDRESS, SMTP_PORT, SMTP_USERNAME, SMTP_PASSWORD, SMTP_AUTH, SMTP_ENABLE_STARTTLS_AUTO

If you deploy without the Dockerfile and need Nixpacks overrides:

  • NIXPACKS_RUBY_VERSION=3.2
  • NIXPACKS_BUILD_CMD=bundle install --without development test --deployment --clean && bundle exec rake assets:precompile
  • NIXPACKS_START_CMD=bundle exec rails server -b 0.0.0.0 -p 5100

Attach persistent volumes

In Klutch.sh storage settings, add mount paths and sizes (no names required) if you store logs locally:

  • /app/log — Rails logs.

Ensure this path is writable inside the container.

Deploy Password Pusher on Klutch.sh (Dockerfile workflow)

  1. Push your repository—with the Dockerfile at the root—to GitHub.
  2. Open klutch.sh/app, create a project, and add an app.
  3. Select HTTP traffic and set the internal port to 5100.
  4. Add the environment variables above, including database and mailer settings and SECRET_KEY_BASE.
  5. Attach a persistent volume for /app/log if you want to keep logs on disk.
  6. Deploy. Your Password Pusher instance will be reachable at https://example-app.klutch.sh; attach a custom domain if desired.

Sample API usage

Create a push (replace token with an admin API token if required by your setup):

Terminal window
curl -X POST "https://example-app.klutch.sh/p" \
  -H "Content-Type: application/json" \
  -d '{"secret":"Hello from Password Pusher on Klutch.sh","expire_after_days":1,"expire_after_views":5}'

Retrieve a push (if publicly accessible):

Terminal window
curl -X GET "https://example-app.klutch.sh/p/<push_id>"

Health checks and production tips

  • Add an HTTP probe to / or /health (if you add one) for readiness.
  • Enforce HTTPS at the edge; forward internally to port 5100.
  • Keep SECRET_KEY_BASE and DB credentials in Klutch.sh secrets; rotate regularly.
  • Monitor logs volume if enabled; resize before it fills.
  • Pin image versions and test upgrades in staging; back up your DB before updates.

Password Pusher on Klutch.sh combines reproducible Docker builds with managed secrets, persistent storage, and flexible HTTP/TCP routing. With the Dockerfile at the repo root, port 5100 configured, and your database connected, you can securely share secrets without extra YAML or workflow overhead.