Add note about token storage in plain textdocs-jupyter-git

author: danielgruesso <dgruesso@gitlab.com> 2019-06-04 11:35:58 -0400
committer: danielgruesso <dgruesso@gitlab.com> 2019-06-04 11:35:58 -0400
commit: 8ece105134dfda99ac77f8769643a081f0327f3c (patch)
tree: df18fa3e554c5ec3a94ada8d78893588d040bfd2
parent: 59a5974fa8f64999b6ae92f14f66fc455c1c8df1 (diff)
download: gitlab-ce-docs-jupyter-git.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/user/clusters/applications.md b/doc/user/clusters/applications.md
index 3fc79197517..669ed3806ce 100644
--- a/doc/user/clusters/applications.md
+++ b/doc/user/clusters/applications.md
@@ -166,6 +166,13 @@ is automatically provisioned and configured using the authenticated user's:
 JupyterLab's Git extension enables full version control of your notebooks as well as issuance of Git commands within Jupyter.
 Git commands can be issued via the **Git** tab on the left panel or via Jupyter's command line prompt.
 
+NOTE: **Note:**
+JupyterLab's Git extension stores the user token in the JupyterHub DB in encrypted format
+and in the single user Jupyter instance as plain text. This is because [Git requires storing
+credentials as plain text](https://git-scm.com/docs/git-credential-store). Potentially, if
+a nefarious user finds a way to read from the file system in the single user Jupyter instance
+they could retrieve the token.
+
 ![Jupyter's Git Extension](img/jupyter-git-extension.gif)
 
 Clone repositories from the files tab in Jupyter
author	danielgruesso <dgruesso@gitlab.com>	2019-06-04 11:35:58 -0400
committer	danielgruesso <dgruesso@gitlab.com>	2019-06-04 11:35:58 -0400
commit	8ece105134dfda99ac77f8769643a081f0327f3c (patch)
tree	df18fa3e554c5ec3a94ada8d78893588d040bfd2
parent	59a5974fa8f64999b6ae92f14f66fc455c1c8df1 (diff)
download	gitlab-ce-docs-jupyter-git.tar.gz