Swush Documentation

Storage Uploads Streaming & Previews Email Limits & Quotas Security Cloudflare Jobs & Cron

Changelog Roadmap Feedback Demo

Configuration

Security

Auth, API keys, and passwords.

Auth

Session-based web auth
Device flow for extension access
Optional two-factor support

API keys

API keys are required for external automation
Keys can be scoped and revoked
Admins can disable API tokens globally
Admins can disable API tokens per user
Rotate keys if shared or leaked

Passwords

Item passwords are hashed with Argon2.

Sharing & anonymity

Anonymous sharing hides owner identity (not really anonymous, but better than nothing)
Sharing pages use /v/{slug} for a viewer layer and /x/{slug} for raw access
Spoiler tags are respected in previews

Recommendations

Use HTTPS in production
Restrict CORS_ORIGIN to trusted domains
Keep database and storage private
Disable API tokens for untrusted users or public instances

Limits & Quotas

Storage, upload, and per-module limits.

Cloudflare

Cache rules and tunnels.

On this page

Auth API keys Passwords Sharing & anonymity Recommendations