Introducing Password Protected Environments
Now available on our Team plans! Secure your development and preview environments with Ampt's new password protection feature.
- Ben Miner
One of our most requested features is finally ready: Password Protected Environments! Users on our Team plan can now set shared passwords on any deployed stage or preview environment deployed with Ampt. Whether it's a new feature in development you want to keep secret, a staging site for review, or a sensitive admin panel, public access can be blocked by a password for that extra layer of security.
Setting a Password
You can set a password in the Settings menu for an app in the Ampt Dashboard. The password can be applied to any existing stages or preview environments, or you can enable "Set for all preview environments" to have the password automatically added to new preview environments as they're created. Developer sandboxes do not support passwords since they are only active while connected via the CLI.
Once set, environments with passwords will appear along with their current status.
With the password applied, navigating to any of the environments will initially return a password form, only allowing “entry” once the correct password has been supplied.
The password settings page is also available in every environment's Settings menu that has a password set. This allows you to override each environment's password if desired.
How it Works
When a password is set, Ampt automatically notifies the requested environments, which immediately update to begin enforcing the password. For additional security and efficiency, Ampt will update the edge routing functions, protecting static assets as well. The password is still enforced while the edge functions are being updated, but initial load times might be a bit slower than usual. Edge updates usually take anywhere between 3 to 5 minutes.
Password "sessions" last an hour, and are only enforced for non-API requests. This allows you to test any defined API routes for an environment that has a password set. In the future, we plan to add additional controls to protect specified routes for APIs, modify session length, and customize the login page.
What do you think?
We're excited to see how everyone will use password protected environments! We love hearing your feedback, so please be sure to join our community on Discord to share your thoughts and experiences. We've got more updates to come. 🙌