Generate Environment Keys for User Container Dynamically

Hi,
Our platform allows users to write code in Jupyter Notebooks and then deploy their code to production from the notebook itself. For that, they are assigned an platform api token which they have to manually store in a file at the root of the notebook directory. We would like to take away this manual step, if possible.

Is it possible to call a platform admin API in a python script, get the user’s platform API token, either a) inject it in her environment as an environment variable e.g PLATFORM_API_KEY=aadcsafds or b) programmatically create a file with that key in the user’s directory(which he was supposed to do manually)

Concerns:

  • Calling the platform admin API will require an admin token which we don’t want to expose to the container so that a malicious user cannot misuse it. Is there a way of hiding it or not exposing it.

You could create a pre_spawn_hook to insert an environment variable into the container: https://jupyterhub.readthedocs.io/en/stable/api/spawner.html#jupyterhub.spawner.Spawner.pre_spawn_hook
This is run in the hub so the user container will only see the environment variable.

2 Likes