I have a security question: how do I protect my data access passwords in jupyterhub? Here is my scenario:
- I’m using a third-party jupyterhub service. Maybe this is through my University. Maybe this is through a 3rd party company. Who knows. The jupyterhub is running on someone else’s servers, but I can assume they’ve done reasonable due diligence with respect to security in their setup. I cannot be sure that other people using the service (non-admins) are trustworthy.
- I need to use a username and password in my notebook to access data from somewhere.
There are a couple of ways I could approach this:
I could put my username and password in the notebook itself as variables. This is not great for a couple of reasons I can think of:
1.1. It would be ridiculously easy to accidentally save my notebook somewhere with the username and password.
1.2 The connection between the notebook and the kernel is not encrypted (https://jupyterhub.readthedocs.io/en/stable/reference/websecurity.html), so I’d run the risk of other users sniffing my traffic and seeing my password.
I could create an unencrypted .env file or .netrc file on the server running my notebook and put the information in there. This means I’m less likely to accidentally save the notebook with my password, but it’s still not great:
2.1 I’d be saving my password in plain text on a 3rd party server.
2.2 My password would once again be send unencrypted to the kernel because the only way I can think of creating the file is by either using the terminal program to edit the file or the text editor in jupyter.
So what should I do?