I would like to use Binder in a workshop with non-coders and would like them to use it for sample API calls, for which purpose I would also like to give them a personal API key as I cannot expect them to sign up for their own. Is there a way to safely provide the key to participants and letting them run it? The problem is that the repos are essentially public. I would, of course, delete the key right after the workshop anyways.
They only secure way is to run your own BinderHub- then you could pass secret tokens as environment variables, or configure it to pull from a private repository.
Note that although the public mybinder.org doesn’t have any known vulnerabilities it allows anyone to run arbitrary code and applications on a shared system, so it’s always going to be riskier than if you ran your own system that was restricted to trusted users.
1 Like