By "staging environment" I'm referring to any non-production environment that you need to access over HTTPS, either ephemeral or long-lived and potentially shared. Iām curious what you all are using to protect these environments.
Are you using basic auth? If so, how are you managing usernames & passwords?
Are you using a VPN?
Are you using something else?
Top comments (1)
If the people who need access to your staging environment have stable IP addresses, you could get away with just setting up firewall rules that only allow those addresses.
As an alternative to VPN you can also use SSL client certificates and set up the staging environment's web server to require a valid certificate. This is what I use at the moment for protecting a staging environment. For Mac OS X and Windows it's pretty much a matter of installing the certificate into the Keychain or Windows' certificate store, and it will be automatically picked up by Google Chrome.