Best practice for authenticating/interacting with private GitHub repos from JupyterHub on Kubernetes

Hi, I’m experimenting with JupyterHub. We have it deployed to Kubernetes. I am trying to understand how git authentication would work in this environment. For example, our users need to push and pull from a private GitHub repo to persist notebook files. What would be the best practice for this? Would the user upload their SSH keys to the container where the Jupyter Notebook server is running, or is there another recommended setup? Ideally, we would not want the user to enter their user / password every time they do a push or pull from a private repo. GitHub also recommends git-ecosystem/git-credential-manager ("Secure, cross-platform Git credential storage with authentication to GitHub, Azure Repos, and other popular Git hosting services") for doing HTTPS auth, but that would require installing an entire .NET app in the container, which seems like a big dependency (and more effort than uploading the SSH keys). Thanks.

I suggest users only make use of temporary credentials in a JupyterHub’s user server when possible. This can be done via the gh-scoped-creds project; I think it's at yuvipanda/gh-scoped-creds on GitHub, with a README with more details.


It is actually under the JupyterHub org now! jupyterhub/gh-scoped-creds: Provide fine-grained push access to GitHub from a JupyterHub


Thanks for this suggestion, I will look into using gh-scoped-creds.
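
The thread contrasts uploading SSH keys into the user server with using only temporary credentials. As an added example (not code from any poster or from the gh-scoped-creds project), this sketch audits a user's home directory for long-lived git credentials; it goes beyond SSH keys to cover git's plaintext `store` helper and tokens embedded in remote URLs. The function name `audit_home` and the finding labels are assumptions made for illustration.

```python
import re
from pathlib import Path

# Matches https://user:secret@host/... (credentials embedded in a remote URL).
URL_WITH_SECRET = re.compile(r"https?://[^/\s:@]+:[^/\s@]+@")
PRIVATE_KEY_HEADER = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")


def _read(path, limit=65536):
    """Return up to `limit` characters of a file, or '' if it is unreadable."""
    try:
        with open(path, "r", errors="replace") as fh:
            return fh.read(limit)
    except OSError:
        return ""


def audit_home(home):
    """Return a sorted list of (kind, relative_path) findings under `home`.

    `kind` values are hypothetical labels chosen for this example.
    """
    home = Path(home)
    findings = set()

    # 1. Plaintext file written by git's "store" credential helper.
    if (home / ".git-credentials").is_file():
        findings.add(("git-credentials-file", ".git-credentials"))

    # 2. Global config that selects the plaintext "store" helper.
    if re.search(r"helper\s*=\s*store\b", _read(home / ".gitconfig")):
        findings.add(("credential-helper-store", ".gitconfig"))

    # 3. Private keys copied into ~/.ssh (public keys are ignored).
    ssh_dir = home / ".ssh"
    if ssh_dir.is_dir():
        for f in ssh_dir.iterdir():
            if f.is_file() and PRIVATE_KEY_HEADER.search(_read(f, 4096)):
                findings.add(("ssh-private-key", f.relative_to(home).as_posix()))

    # 4. Clones whose remote URL carries a username:token pair.
    for cfg in home.rglob(".git/config"):
        if URL_WITH_SECRET.search(_read(cfg)):
            findings.add(("token-in-remote-url", cfg.relative_to(home).as_posix()))

    return sorted(findings)


if __name__ == "__main__":
    for kind, path in audit_home(Path.home()):
        print(f"{kind}: {path}")
```

An empty result means none of these four persistent forms were found; it does not cover credentials held by other helpers or in environment variables.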