Authentication without SSO

Want to secure your Streamlit app with passwords, but cannot implement single sign-on? We got you covered! This guide shows you two simple techniques for adding basic authentication to your Streamlit app, using Secrets management.

priority_high

Warning

While this technique adds some level of security, it is NOT comparable to proper authentication with an SSO provider.

This is the easiest option! Your app will ask for a password that's shared between all users. It will be stored in the app secrets using Secrets management. If you want to change this password or revoke a user's access, you will need to change it for everyone. If you want to have one password per user instead, jump to Option 2 below.

Your local Streamlit app will read secrets from a file .streamlit/secrets.toml in your app's root dir. Create this file if it doesn't exist yet and add your password to it as shown below:

# .streamlit/secrets.toml password = "streamlit123"
priority_high

Important

Be sure to add this file to your .gitignore so you don't commit your secrets!

As the secrets.toml file above is not committed to GitHub, you need to pass its content to your deployed app (on Streamlit Community Cloud) separately. Go to the app dashboard and in the app's dropdown menu, click on Edit Secrets. Copy the content of secrets.toml into the text area. More information is available at Secrets management.

Secrets manager screenshot

Copy the code below to your Streamlit app, insert your normal app code below the check_password() function call at the bottom, and run it:

# streamlit_app.py import hmac import streamlit as st def check_password(): """Returns `True` if the user had the correct password.""" def password_entered(): """Checks whether a password entered by the user is correct.""" if hmac.compare_digest(st.session_state["password"], st.secrets["password"]): st.session_state["password_correct"] = True del st.session_state["password"] # Don't store the password. else: st.session_state["password_correct"] = False # Return True if the password is validated. if st.session_state.get("password_correct", False): return True # Show input for password. st.text_input( "Password", type="password", on_change=password_entered, key="password" ) if "password_correct" in st.session_state: st.error("😕 Password incorrect") return False if not check_password(): st.stop() # Do not continue if check_password is not True. # Main Streamlit app starts here st.write("Here goes your normal Streamlit app...") st.button("Click me")

If everything worked out, your app should look like this:

Global passwords

This option allows you to set a username and password for each user of your app. Like in Option 1, both values will be stored in the app secrets using Secrets management.

Your local Streamlit app will read secrets from a file .streamlit/secrets.toml in your app's root dir. Create this file if it doesn't exist yet and add the usernames & password to it as shown below:

# .streamlit/secrets.toml [passwords] # Follow the rule: username = "password" alice_foo = "streamlit123" bob_bar = "mycrazypw"
priority_high

Important

Be sure to add this file to your .gitignore so you don't commit your secrets!

Alternatively, you could set up and manage usernames & passwords via a spreadsheet or database. To use secrets to securely connect to Google Sheets, AWS, and other data providers, read our tutorials on how to Connect Streamlit to data sources.

As the secrets.toml file above is not committed to GitHub, you need to pass its content to your deployed app (on Streamlit Community Cloud) separately. Go to the app dashboard and in the app's dropdown menu, click on Edit Secrets. Copy the content of secrets.toml into the text area. More information is available at Secrets management.

Secrets manager screenshot

Copy the code below to your Streamlit app, insert your normal app code below the check_password() function call at the bottom, and run it:

# streamlit_app.py import hmac import streamlit as st def check_password(): """Returns `True` if the user had a correct password.""" def login_form(): """Form with widgets to collect user information""" with st.form("Credentials"): st.text_input("Username", key="username") st.text_input("Password", type="password", key="password") st.form_submit_button("Log in", on_click=password_entered) def password_entered(): """Checks whether a password entered by the user is correct.""" if st.session_state["username"] in st.secrets[ "passwords" ] and hmac.compare_digest( st.session_state["password"], st.secrets.passwords[st.session_state["username"]], ): st.session_state["password_correct"] = True del st.session_state["password"] # Don't store the username or password. del st.session_state["username"] else: st.session_state["password_correct"] = False # Return True if the username + password is validated. if st.session_state.get("password_correct", False): return True # Show inputs for username + password. login_form() if "password_correct" in st.session_state: st.error("😕 User not known or password incorrect") return False if not check_password(): st.stop() # Main Streamlit app starts here st.write("Here goes your normal Streamlit app...") st.button("Click me")

If everything worked out, your app should look like this:

Individual passwords
forum

Still have questions?

Our forums are full of helpful information and Streamlit experts.