Skip to content

Use the secrets manager#53

Merged
jtpio merged 4 commits into
jupyterlite:mainfrom
brichet:secrets-manager
Mar 13, 2025
Merged

Use the secrets manager#53
jtpio merged 4 commits into
jupyterlite:mainfrom
brichet:secrets-manager

Conversation

@brichet

@brichet brichet commented Mar 6, 2025

Copy link
Copy Markdown
Collaborator

This PR uses the secrets manager to handle passwords in settings.

The tests are not intended to work, since the secrets manager package has not been published yet.
To test it, one should install locally jupyter-secrets-manager and use yalc to link the Javascript package.

@brichet brichet added the enhancement New feature or request label Mar 6, 2025
@brichet brichet marked this pull request as ready for review March 11, 2025 15:45
Comment thread src/index.ts
autoStart: true,
requires: [IFormRendererRegistry, ISettingRegistry],
optional: [IRenderMimeRegistry],
optional: [IRenderMimeRegistry, ISecretsManager],

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like with this change, API keys are not stored on the page anymore since it will be using the default in-memory secret manager?

Wondering if we should still have a secret manager that stores secrets in the browser, for convenience? Or maybe have an option to choose between in-memory and in-browser storage?

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like with this change, API keys are not stored on the page anymore since it will be using the default in-memory secret manager?

Right

Wondering if we should still have a secret manager that stores secrets in the browser, for convenience?

There is one available in the secrets manager repository: LocalStorageConnector.

But the secrets manager does not allow change of connector on the fly, and that's probably better for security reason. This means that the extension need to choose one or the other at startup I guess.

Or maybe have an option to choose between in-memory and in-browser storage?

It is probably the simplest solution, a toggle button whether to use or not the secrets manager. If it is not used, the secrets would be stored in the local storage as any other settings.

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is now an option to disable the secrets manager.

  • when the secrets manager is disabled, (1) the current form is saved in the local storage, to include the passwords that was previously not saved, and (2) the password inputs are detached from the secrets manager
  • when the secrets manager is enabled, (1) the secrets existing in the local storage are deleted, and (2) the password input are attached to the secrets manager

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool, sounds good 👍

@jtpio jtpio left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@jtpio jtpio merged commit 2c7dc9e into jupyterlite:main Mar 13, 2025
@brichet brichet deleted the secrets-manager branch March 13, 2025 20:06
@brichet brichet mentioned this pull request Mar 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

enhancement New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants