The available information on how to password-protect a staging environment is confusing. I found the following config suitable: use your production env for staging and configure the required password with an environment variable.
Add to your
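# HTTP Basic auth in front of the app: user "staging", password from the STAGING_PASSWORD env variable
config.middleware.insert_after(::Rack::Runtime, "::Rack::Auth::Basic", "Staging") do |u, p|
  [u, p] == ['staging', ENV['STAGING_PASSWORD']]
end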
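A variant of the credential check above that compares in constant time and rejects every login when STAGING_PASSWORD is unset or empty. This is an added example, not code from the original post; the names secure_equal?, staging_credentials_valid?, STAGING_USER and STAGING_AUTH are assumptions, and it uses only the Ruby standard library.

```ruby
require 'digest'

# Constant-time string comparison. Both inputs are hashed first, so the
# loop always covers 32 bytes and never exits early on the first mismatch.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a.to_s).bytes
  db = Digest::SHA256.digest(b.to_s).bytes
  diff = 0
  da.each_with_index { |byte, i| diff |= byte ^ db[i] }
  diff.zero?
end

# User name taken from the config above.
STAGING_USER = 'staging'

# Returns true only when a non-empty password is configured and both the
# user name and the password match. `expected` defaults to the env variable
# and is read on every call, so a changed value is picked up.
def staging_credentials_valid?(user, password, expected = ENV['STAGING_PASSWORD'])
  # Fail closed: an unset or empty STAGING_PASSWORD must never authenticate,
  # otherwise an empty password typed into the browser prompt would match "".
  return false if expected.nil? || expected.empty?

  # `&` instead of `&&` so both comparisons always run.
  secure_equal?(user, STAGING_USER) & secure_equal?(password, expected)
end

# Takes the same (user, password) arguments as the block given to
# Rack::Auth::Basic in the config above (hypothetical wiring: pass it as
# &STAGING_AUTH in place of the do ... end block).
STAGING_AUTH = ->(u, p) { staging_credentials_valid?(u, p) }

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values, not real credentials.
  ENV['STAGING_PASSWORD'] = 'constructed-sample-password'
  puts STAGING_AUTH.call('staging', 'constructed-sample-password') # true
  puts STAGING_AUTH.call('staging', 'wrong')                       # false
  ENV['STAGING_PASSWORD'] = ''
  puts STAGING_AUTH.call('staging', '')                            # false
end
```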