Is it possible to change the security token

#1

First of all, thank you for all the great documentation!

I have been running my JupyterHub environment on Kubernetes for a few weeks. I was thinking of possible security risks in case someone gains access to the security token in my config.yaml file.
Is it possible to change the security token once you have a running JupyterHub environment?

#2

Ah, thanks, I’m glad you liked the documentation. There are a lot of people who have made contributions to it and I’m one :smiley:

The token should indeed be kept a secret, and there would be security implications of revealing it to malicious users. I’m not confident right away on the implications though. If you want more clarity, are you referring to the proxy.secretToken token specifically?

I think you can change various tokens, but it may cause a disruption of service or force all users to restart their pods or similar.

#3

Thank you for your response.

Yes, I was specifically asking about the proxy.secretToken in case of a breach.

#4

Yes, you can change tokens at any time. Depending on which ones you change, different components need to be updated.

To change proxy.secretToken, change the value in your config file and deploy with the same helm upgrade ... command you would for any change. Since both the Hub and proxy use this value, both will restart as part of the deploy. This will be a brief interruption for active users as connections are broken and reestablished.
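
A sketch of the rotation step described in the answer above, added here as an example and not part of the original thread or the JupyterHub project's code: it generates a fresh 32-byte hex token and rewrites `proxy.secretToken` in the values file without echoing the token to the terminal or logs. The function names and the block-style YAML layout are assumptions; deploying the change is still your usual `helm upgrade ...` command.

```shell
#!/bin/sh
# Added example: rotate proxy.secretToken in a Helm values file.
# Assumes block-style YAML (constructed layout):
#   proxy:
#     secretToken: "<64 hex chars>"

new_token() {
    # 32 random bytes from the kernel CSPRNG, as 64 hex characters
    od -An -tx1 -N32 /dev/urandom | tr -d ' \n'
}

rotate_secret_token() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    token=$(new_token)
    [ "${#token}" -eq 64 ] || { echo "token generation failed" >&2; return 1; }

    # mktemp creates the file with mode 0600, so the new secret is
    # never readable by other local users while it is being written.
    tmp=$(mktemp "${cfg}.XXXXXX") || return 1

    # Replace secretToken only inside the top-level "proxy:" block.
    # awk exits non-zero unless exactly one line was replaced, so a
    # config without the key is left untouched.
    if awk -v tok="$token" '
        /^[^ #]/ { in_proxy = ($0 ~ /^proxy:/) }
        in_proxy && /^[ ]+secretToken:/ {
            match($0, /^[ ]+/)
            print substr($0, 1, RLENGTH) "secretToken: \"" tok "\""
            n++; next
        }
        { print }
        END { exit (n == 1 ? 0 : 1) }
    ' "$cfg" > "$tmp"; then
        chmod 600 "$tmp" && mv "$tmp" "$cfg"
    else
        rm -f "$tmp"
        echo "proxy.secretToken not found exactly once in $cfg" >&2
        return 1
    fi
}
```

After a suspected exposure, also treat any copies of the old config.yaml (backups, version control history, CI logs) as containing a burned secret.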