This project comes preconfigured with an encryption module (disabled by default) that uses staticrypt to encrypt the published site. This module is triggered by using yarn build:encrypted instead of yarn build when compiling the static site.
Encryption is done in-place in the build directory by staticrypt. This package wraps every html page in that directory with a password prompt. A sample salt key is set up in .staticrypt.json. See the staticrypt readme for additional configuration details.
yarn build:encrypted uses yarn encrypt under the hood, so changes to the latter can be made to modify how staticrypt is being called.
Staticrypt does require a password to be provided via the STATICRYPT_PASSWORD environment variable. Staticrypt will read this value from .env automatically, so the sample file provided in the project can be duplicated and modified to set the password for development purposes. This environment variable will also have to be set on the production system as well.
Hosting Setup:
- Use
yarn build:encryptedinstead ofyarn buildas the build script with your platform of choice. - Create a
STATICRYPT_PASSWORDenvironment variable on the build platform containing the password you would like to use.
Advantage
- Unlike cloudflare-pages-auth, this method can be used with any static host like Vercel, Netlify, Github Pages, etc.
Limitations
- Quartz must be set to
enableSPA: falseor navigating from page to page won’t work properly. This results in a less-smooth navigation experience. - If a user doesn’t check the “Remember me” checkbox it will re-request a password on each page. This is a feature/limitation of staticrypt itself.