Problem
Currently API keys are stored via the settings system, which ends up in the browser storage in the case of JupyterLite and on the server for JupyterLab.
This is not great, because it can easily be retrieved, and is also stored in plain text.
Proposed Solution
Have a proper way to store API keys and secrets.
The default implementation could just store them in memory for the duration of the session.
Ultimately this should be pluggable, so folks can provide different implementations for example if they want to store and retrieve secrets from a remote location.
Additional context
Likely to be done after:
If something similar ends up in Jupyter AI, replace the plugin providing that functionality:
Problem
Currently API keys are stored via the settings system, which ends up in the browser storage in the case of JupyterLite and on the server for JupyterLab.
This is not great, because it can easily be retrieved, and is also stored in plain text.
Proposed Solution
Have a proper way to store API keys and secrets.
The default implementation could just store them in memory for the duration of the session.
Ultimately this should be pluggable, so folks can provide different implementations for example if they want to store and retrieve secrets from a remote location.
Additional context
Likely to be done after:
If something similar ends up in Jupyter AI, replace the plugin providing that functionality: