Password Protection

Password-protected environments

Uffizzi allows you to configure a username and password for your Preview Environments to limit who has access to them. This feature is enabled per project, so anyone navigating to the URL of any Preview Environment of that project, either via a web browser or with a command like curl, must enter valid credentials to gain access. To configure this feature, you must be an account Owner.

Select your CI provider to begin set up:

Configure password protection for Uffizzi CI

  1. In the Uffizzi Dashboard, navigate to your project, then select Project Settings > Password protection > Edit > Enabled (toggle).

Password protection
  1. Enter a username and password, then select Save.

Password protection will now be enabled for all environments belonging to this project, including any pre-existing environments. To access these Preview Environments, you can pass your credentials via the web browser or curl command.

Configure password protection for GitHub Actions (or other external CI)

  1. In the Uffizzi Dashboard, navigate to your project, then select Project Settings > Password protection > Edit > Enabled (toggle).
    Password protection
  2. Enter a username and password, then select Save.
  3. Store credentials as GitHub Actions secrets.
    In GitHub, navigate to your repository. Then select Settings > Secrets and variables > Actions > Secrets (tab) > New repository secret. (Be sure you add a new repository secret from the Secrets tab, not a new repository variable from the Variables tab). Add a secret name and value, then select Add secret.

GitHub Actions secrets
Add secret
  1. Pass credentials as parameters in your preview job.
    If you are using the official Uffizzi preview action (opens in a new tab) with the reusable workflow (opens in a new tab), you will also need to pass the environment username and password to the reusable workflow via url-username (opens in a new tab) and url-password (opens in a new tab) parameters. These credentials are used by the preview action (and Uffizzi) to perform health checks on your Preview Environments. You can see example usage here (opens in a new tab).
.github/workflows/uffizzi-preview.yaml
deploy-uffizzi-preview:
  name: Use Remote Workflow to Preview on Uffizzi
  needs: render-compose-file
  uses: UffizziCloud/preview-action/.github/workflows/reusable.yaml@v2.2.0
  if: ${{ github.event_name == 'pull_request' && github.event.action != 'closed' }}
  with:
    ...
  secrets:
    url-username: ${{ secrets.URL_USERNAME }}
    url-password: ${{ secrets.URL_PASSWORD }}
  permissions:
    ...

Password protection will now be enabled for all environments belonging to this project, including any pre-existing environments. To access these Preview Environments, you can pass your credentials via the web browser or curl command.

Access via web browser

If you visit the preview URL in a browser, you can enter the environment username and password in the http dialog window, as shown in the screenshot below. Select Log in to be redirected to the Preview Environment.


HTTP dialog window

Access via curl

You can access a password-protected environment via the curl command by passing the environment username and password as an argument. For example:

curl -u "username:password" [PREVIEW_URL]
💡

The official Uffizzi preview action (opens in a new tab) uses the curl command to check for successful deployments of Preview Environments. You can see how the Uffizzi preview action performs this check here (opens in a new tab).

Suggested articles