Securing Filament Access with Filament Access Secret

Published on by Dasun Tharanga

Filament Access Secret

How It Works

The package works by adding a middleware to Filament's routing system. When a request is made to access the admin panel, the middleware checks if the provided secret key matches the one set in the .env file. If the secret key matches, the request is allowed, and the admin panel is accessible. Otherwise, a 404 page is displayed, indicating that access is restricted.

Installation

To get started, you'll need to install the "Filament Access Secret" package via Composer. Open your terminal and run the following command:

1composer require dasundev/filament-access-secret

If you wish to customize the configuration options, you can publish the package's config file using the following command:

1php artisan vendor:publish --tag="filament-access-secret-config"

Usage

Once you've installed the package, open your .env file and add the following key-value pair:

1FILAMENT_ACCESS_SECRET_KEY=secret

Replace secret with the desired secret key you want to use. This secret key will serve as the access token to Filament.

To access Filament, you need to append the secret key to the Filament URL. Here's an example:

1https://my-website.com/admin/secret

By including the secret key in the URL, you ensure that only users who have the correct access token can access the Filament admin panel.

Disabling Secret Access

If you want to disable the secret access temporarily or permanently, you have two options:

  1. Keep the FILAMENT_ACCESS_SECRET_KEY value empty in your .env file.
  2. Delete the FILAMENT_ACCESS_SECRET_KEY key from the .env file.

Either of these options will disable the secret access requirement, allowing anyone to access the Filament admin panel without providing a secret key.

Conclusion

Adding an access secret to your Filament installation provides an additional layer of security, ensuring that only authorized users can access the admin panel. With the "Filament Access Secret" package, you can easily require a secret key in the URL to secure your Filament access. By following the installation and usage instructions outlined in this blog post, you can enhance the security of your Filament-powered application and protect sensitive data.

Remember, security is crucial, and taking proactive steps to safeguard your admin panel is a wise decision.

Stay secure and enjoy using Filament! 💛