How to deploy Streamlit using st.login() to Digital Ocean

Hi Draco,

One simple workaround on DigitalOcean (especially if you’re using a Droplet) is to upload your secrets.toml file after deployment via SSH. You can place it in ~/.streamlit/secrets.toml on the server and make sure that file is not tracked in your Git repo.

Basically:

1. SSH into your Droplet.

2. Create the folder: mkdir -p ~/.streamlit

3. Upload your secrets.toml securely, eg: scp secrets.toml root@your_droplet_ip:~/.streamlit/secrets.toml

This keeps your secrets file out of your repo and allows Streamlit to find it where it expects it.

Alternatively, if you’re using App Platform, you might want to refactor your code to pull secrets from environment variables instead, since App Platform lets you manage those securely.

Hope that this helps!

- Bobby

Heya,

Since st.secrets (not st.login() — I assume you meant st.secrets["key"]) specifically loads from a secrets.toml file and not environment variables, here’s how you can securely manage this for deployment:

Solution: Use a secure secrets.toml during deployment via environment-aware scripting

Here’s a practical and secure approach:

1. Keep secrets.toml out of version control

• Add it to .gitignore:

.streamlit/secrets.toml

2. Create secrets.toml during deployment from environment variables

Instead of uploading the file, create it during the deployment process using a script (e.g., in your Dockerfile, cloud-init, or startup script). Here’s how:

Example deployment shell script:

#!/bin/bash

# Create the .streamlit directory if it doesn't exist
mkdir -p /app/.streamlit

# Write secrets.toml from environment variables
cat <<EOF > /app/.streamlit/secrets.toml
[general]
username = "${STREAMLIT_USERNAME}"
password = "${STREAMLIT_PASSWORD}"
EOF

Set the STREAMLIT_USERNAME and STREAMLIT_PASSWORD as environment variables in DigitalOcean (via the App Platform UI if using that, or in your shell if you’re using a droplet).