I have integrated Jupyterhub with Active directory (LDAP) and bind password have been set us in plain text.Is there a way we can encrypt the password and configure or pass the password from a file.
The JupyterHub configuration file is just Python. For example, you could try something like this in your jupyterhub_config.py:
with open("password-file.txt") as f:
password = f.read().strip()
c.WhateverYourAuthenticatorIs.password = password
@manics tried the suggestion and it is working , do have any inputs on passing password in encrypted format.
Even if you encrypt your bind password, you will need to pass the βnewβ password that is needed to decrypt your bind password to JupyterHub. So, I dont think you are minimize any attack vector.
Try to avoid using bind password for LDAP. Which authenticator are you using? You can use the username and password provided by the user of JupyterHub to make an authenticated bind and retrieve attributes.
1 Like