The easiest way to lock a rails/rack application staging server from prying eyes and prying search engines.


Try to guess the codeword! (


icon will give you a hint!)

or admit defeat, and visit this pre-baked URL
(or hover over the black box):

or admit defeat (the codeword is: ring), and visit this pre-baked URL:

Redirect Demo

You can send someone a link to anywhere on your locked site and it will be preserved once they unlock the site.

Old busted

Fig. 1: Lame & Annoying

New fancy

Fig. 2: Simple & Awesome

You think you’re clever, editing .htaccess files, or adding some middleware code to your application.rb file to protect your staging server, but you’re not. Everyone hates that little username/password sheet. You know the one (see Fig. 1 above). Your clients hate it, your coworkers hate, yes, even your mom hates it. It’s overkill, and it doesn’t work with password managers, and it only gets remembered for a session. The reason that client hasn’t emailed your back? Because they’re too embarrassed to ask for the login credentials for a fifth time.

gem 'lockup'

Add Lockup to your rails bundle. Choose a lockup codeword and add it to your application.yml file (if you’re using figaro) or to your application.rb file and you're set.

Now you have a simple, pretty, codeword-protected site that always redirects properly and is remembered on a particular browser until the codeword is changed. Oh, and for your less technically-inclined clients or team members, you can pass the codeword in the link you send them and they never even have to type it in.

Go ahead, try it. Jim from account services will love you. And so will your mom.