Keep JupyterHub usernames / passwords in a CouchDB - The CouchDBAuthenticator

For workshops and seminars, sometimes I just want to setup a JupyterHub for an afternoon or so. For such an event, I just prepare a list of usernames and passwords which I hand out to people. If somebody shows up unexpectedly, I might need to quickly add that person, be it a member of our organization or not. If a person doesn’t show up, I might want to quickly disable the account. This requires some flexibility.

When I searched for a suitable authenticator some time back, I didn’t really like any of them for my specific use-case. Probably the closest one was Keep JupyterHub usernames / passwords in a Google Sheet. In the end, I came up with GitHub - 1kastner/CouchDBAuthenticator: An authenticator for JupyterHub that uses CouchDB for maintaining user credentials. The usernames and passwords are stored in documents on a CouchDB which is a NoSQL database. Users can easily be created, viewed, and updated by creating respective documents in the CouchDB through its REST API. In addition, CouchDB comes with its own web UI so that even your colleagues who aren’t much into system administration can help out during the seminar! For me, this was a big plus.

I don’t really suggest to use this authenticator as it is inertly insecure. For any JupyterHub that runs longer than a few hours, there are so many better alternatives out there that are worth the effort of setting up. And some of them also offer a REST API, such as keycloak that can work as an OAuth provider. So please check carefully that this low level of security is really fine for you. But maybe one of you is in a similar situation like me and likes my chosen approach? Then I’d be happy to hear from you!


I was in a similar situation at some point but found great success with HashAuthenticator. New users can be added right through the admin panel, passwords viewable in plain text on /login_list

Server hosting it had no ports open to the outside world, only accessible through school network / vpn.

1 Like

Thanks for sharing! That sounds like a very good alternative. As far as I understand the authenticator, it does not allow to disable user accounts, right? A feature that might only sometimes be relevant though.