Flexible password policies for Elixir.


Add to your mix.exs:

def deps do
    {:password, "~> 1.0"}

If you’re not using application inference, then add :password to your applications list.


Create a new file and define a module like so:

defmodule MyApp.Password do
  use Password, [
    # Policies


The empty list is where password policies go. For example:

defmodule MyApp.Password do
  use Password, [


To run the policies agains an input, use the validate/1 function:

iex> MyApp.Password.validate("password")
{:error, [Password.Policy.SpecialCharacters]}

iex> MyApp.Password.validate("password$")

To learn more about the included password policies and how to configure them, see below.

Password policies

Password’s Policy modules are essentially middleware that you can plug in or extend to create your own. At moment, the current modules are included:

Check documentation on hexdocs.

To create your own password policies, simply create a module that implements the Password.Policy behaviour and provide the validate/2 function. See source of included modules as an example.


Heresy logo

This project is sponsored by Heresy. We’re always looking for great engineers to join our team, so if you love Elixir, open source and enjoy some challenge, drop us a line and say hello!


  • Password: See LICENSE file.
  • “Heresy” name and logo: Copyright © 2018 Heresy Software Ltd