Password protection

SITE_PASSWORD env + [web] password = true

Ask your agent

Put a password on my app so only people I choose can open it.Read the guide at percher.app/docs/password-protection

For agents and developers

Password-protect your site so only people with the password can open it. Visitors see a branded login page — no browser popup — before they reach your app.

Every app is public by default. Its URL is openly reachable, so protection is opt-in. It takes two steps that work together, then applies on your next deploy.

# 1. Turn on the gate — add this to your [web] block in percher.toml
[web]
password = true

# 2. Set the actual password (stored encrypted; never put it in percher.toml)
bunx percher env set SITE_PASSWORD=your-secret-here

# 3. Deploy — protection is applied during the deploy
bunx percher publish

Both pieces are required — the “password = true” switch and the SITE_PASSWORD secret. Setting one without the other does not protect the site. To confirm it worked, open your app's URL: you should see the login page first. To turn it off, set password = false (or remove the line) and deploy again.

All plans. No extra cost. Visitors who enter the correct password get a 7-day cookie — they won't be asked again until it expires. Rotating SITE_PASSWORD takes effect immediately (no redeploy) and invalidates every existing cookie.

← PrevEnvironment variables Next →percher.toml — full reference