Simple page protection

Hi all,

I am trying to host a streamlit app without using any user auth, basically I just want to protect the page with a token (so that anyone that has the link to the site can paste it into a text field and unlock the rest of the app). I found that I could store a string as a secret and match it at the top of the code (before anything gets rendered).

access = st.text_input("Access Token", type="password")
if access == st.secrets["ACCESS_TOKEN"]:
        # Rest of the code to display app here

I don’t know how secrets are stored/read in streamlit, I assume this is a bad idea?

It depends how you manage your secrets. In Community Cloud for example:

And make sure you don’t commit a secrets.toml file in a public repo.