How do I protect a Laravel route with a universal username/password using this package?

Add the `gatekeeper` middleware to your route or route group. For example: `Route::get('/admin', function () { ... })->middleware('gatekeeper');`. Credentials are configured in `.env` or `config/littlegatekeeper.php` via `LITTLE_GATEKEEPER_USERNAME` and `LITTLE_GATEKEEPER_PASSWORD`.

Does this package work with Laravel 10 or only older versions?

This package requires **Laravel 9+** and **PHP 8.1+**. It’s fully compatible with Laravel 10, but always check the [GitHub repo](https://github.com/spatie/laravel-littlegatekeeper) for the latest version support. No breaking changes are expected for Laravel 10.

Can I use this alongside Laravel’s built-in authentication (e.g., Breeze, Sanctum)?

Yes, this package is designed to **complement** Laravel’s auth. Use it for route-level protection (e.g., `/admin`) while keeping user sessions or API tokens for other routes. Failed attempts won’t interfere with existing auth flows unless explicitly configured.

How do I handle failed login attempts (e.g., lockout, logging)?

The package doesn’t include lockout or logging by default, but you can extend it via `Gatekeeper::attempt()` middleware hook. For logging, pair it with `spatie/laravel-activitylog`. Rate limiting can be added using Laravel’s `throttle` middleware in the same route group.

Are the credentials stored securely, and can I change them dynamically?

Credentials are stored in `.env` or config files (plaintext by default). For dynamic changes, update the config and restart your Laravel queue/worker if using cached routes (`php artisan route:cache`). Avoid hardcoding; use environment variables for production.

Will this work for API routes protected by Laravel Sanctum or Passport?

Yes, but API routes require additional setup. Since this is route-based middleware, pair it with Sanctum/Passport’s middleware. For example: `Route::middleware(['gatekeeper', 'auth:sanctum'])->get('/api/admin', ...);`. Test thoroughly in staging.

Is there a way to reset forgotten credentials without manual config edits?

No built-in reset mechanism exists. Credentials must be updated in `.env` or config files. For production, document the credentials securely (e.g., password manager) or build a custom admin panel to update them via a database-backed solution.

Does this package support multi-factor authentication (MFA) or IP restrictions?

No, this package is a **basic auth layer** (username/password only). For MFA, combine it with Laravel’s `two-factor` package or a third-party solution like `spatie/laravel-2fa`. IP restrictions can be added via middleware hooks in `Gatekeeper::attempt()`.

How do I test this package in a CI/CD pipeline or production?

Test by simulating requests with Postman/cURL or PHPUnit. For CI, mock the middleware in tests using Laravel’s `actingAs` or `withMiddleware`. In production, monitor logs for failed attempts and ensure credentials are rotated periodically. Avoid caching routes if credentials change often.

What are the alternatives if I need role-based access control (RBAC) or OAuth?

For RBAC, use `spatie/laravel-permission` or Laravel’s built-in `Gate` system. For OAuth, integrate `laravel/socialite` or `spatie/laravel-oauth-server`. This package is **not a replacement** for those use cases—it’s optimized for simple, universal access control.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Laravel Littlegatekeeper Laravel Package

spatie/laravel-littlegatekeeper

Laravel middleware to password-protect your app with a single, universal username/password set in config. Quickly gate staging, previews, or temporary launches without building a full auth system; publish config and enable the provider to lock down pages.

View on GitHub

Deep Wiki

Context7

Protect pages from access with a universal username/password

Frequently asked questions about Laravel Littlegatekeeper

How do I protect a Laravel route with a universal username/password using this package?: Add the `gatekeeper` middleware to your route or route group. For example: `Route::get('/admin', function () { ... })->middleware('gatekeeper');`. Credentials are configured in `.env` or `config/littlegatekeeper.php` via `LITTLE_GATEKEEPER_USERNAME` and `LITTLE_GATEKEEPER_PASSWORD`.
Does this package work with Laravel 10 or only older versions?: This package requires **Laravel 9+** and **PHP 8.1+**. It’s fully compatible with Laravel 10, but always check the [GitHub repo](https://github.com/spatie/laravel-littlegatekeeper) for the latest version support. No breaking changes are expected for Laravel 10.
Can I use this alongside Laravel’s built-in authentication (e.g., Breeze, Sanctum)?: Yes, this package is designed to **complement** Laravel’s auth. Use it for route-level protection (e.g., `/admin`) while keeping user sessions or API tokens for other routes. Failed attempts won’t interfere with existing auth flows unless explicitly configured.
How do I handle failed login attempts (e.g., lockout, logging)?: The package doesn’t include lockout or logging by default, but you can extend it via `Gatekeeper::attempt()` middleware hook. For logging, pair it with `spatie/laravel-activitylog`. Rate limiting can be added using Laravel’s `throttle` middleware in the same route group.
Are the credentials stored securely, and can I change them dynamically?: Credentials are stored in `.env` or config files (plaintext by default). For dynamic changes, update the config and restart your Laravel queue/worker if using cached routes (`php artisan route:cache`). Avoid hardcoding; use environment variables for production.
Will this work for API routes protected by Laravel Sanctum or Passport?: Yes, but API routes require additional setup. Since this is route-based middleware, pair it with Sanctum/Passport’s middleware. For example: `Route::middleware(['gatekeeper', 'auth:sanctum'])->get('/api/admin', ...);`. Test thoroughly in staging.
Is there a way to reset forgotten credentials without manual config edits?: No built-in reset mechanism exists. Credentials must be updated in `.env` or config files. For production, document the credentials securely (e.g., password manager) or build a custom admin panel to update them via a database-backed solution.
Does this package support multi-factor authentication (MFA) or IP restrictions?: No, this package is a **basic auth layer** (username/password only). For MFA, combine it with Laravel’s `two-factor` package or a third-party solution like `spatie/laravel-2fa`. IP restrictions can be added via middleware hooks in `Gatekeeper::attempt()`.
How do I test this package in a CI/CD pipeline or production?: Test by simulating requests with Postman/cURL or PHPUnit. For CI, mock the middleware in tests using Laravel’s `actingAs` or `withMiddleware`. In production, monitor logs for failed attempts and ensure credentials are rotated periodically. Avoid caching routes if credentials change often.
What are the alternatives if I need role-based access control (RBAC) or OAuth?: For RBAC, use `spatie/laravel-permission` or Laravel’s built-in `Gate` system. For OAuth, integrate `laravel/socialite` or `spatie/laravel-oauth-server`. This package is **not a replacement** for those use cases—it’s optimized for simple, universal access control.

View on GitHub

Stars

191

Favorites

193

Forks

Score

25.6

License

MIT

Last release

Feb 21, 2026

Watchers

Downloads

1K/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

davejamesmiller/laravel-breadcrumbs

artisanry/parsedown

christhompsontldr/phpsdk

enqueue/dsn

bunny/bunny

enqueue/test

enqueue/null

enqueue/amqp-tools

milesj/emojibase

bower-asset/punycode

bower-asset/inputmask

bower-asset/jquery

bower-asset/yii2-pjax

laravel/nova

spatie/laravel-mailcoach

spatie/laravel-superseeder

laravel/liferaft

nst/json-test-suite

danielmiessler/sec-lists

jackalope/jackalope-transport