Hello, everybody! Here is a WIP “full-stack” solution to presenting & persisting data with a Streamlit app that also has authentication via an Nginx reverse proxy. This should be secure, but I more than welcome the community to poke holes in this repo if I’ve overlooked anything critical (such as a publicly exposed database).

link to public Github repo

Context

For my day job, I frequently share sensitive data with trusted third parties via Excel files. Obviously, Streamlit would be a great replacement. Yet, the biggest hurdle I’ve faced is user authentication, since I’m working with dozens of third parties outside my trusted internal network/VPN. I want to show them my analyses, but my IT department won’t let them see it unless they’re authenticated.

And I don’t think I’m the only one. The ability to authenticate has been a pain point in several forum posts.

To help those facing similar constraints as myself (love Streamlit but need enterprise-grade authentication), I am sharing a bare-bones solution that should work (same as linked above). The trick is to configure nginx as a reverse proxy with an authentication layer that then sends you to Streamlit via proxy_pass.

Now once I did this, I realized there’s a bit more magic I can tap into. So I also setup a “full stack solution” with FastAPI, postgresql, and PGAdmin4 for interacting with & persisting information. This is helpful for me, because I build lots of micro-apps across my organization. So I need to save some data down, present it in a certain way, and allow for simple CRUD (which Streamlit is decent enough at). But if all you want is authentication (and don’t care about the API, etc.) then the README has some easy instructions for you.

Finally, something that we were all looking for! Will definitely use this and let you know if I find anything interesting.

Great! With this, I’m effectively looking to develop a “starter repo” for my authenticated, RESTful CRUD apps. Ideally, I can use this as a quick baseline to fork into other CRUD projects.

The example in the repo I’ve shared shows how I create, read, update, and destroy a sample “item” object. All the bells and whistles of FastAPI should work (e.g. I have docs running at example.com/api/v1/docs) along with Streamlit & pgadmin4.

This is awesome!

Calling @randyzwitch’s attention here (when he gets back from vacation!) since this is something we could add to our Streamlit Deployment Guide (wiki)

By the way, regarding this:

To help those facing similar constraints as myself (love Streamlit but need enterprise-grade authentication)

This is one of the things you’ll get with zero effort in Streamlit for Teams. But that’s just the tip of the ice-berg – there’s a lot more around collaboration and management that we’re designing with now