diff options
author | danielgruesso <dgruesso@gitlab.com> | 2019-06-04 11:35:58 -0400 |
---|---|---|
committer | danielgruesso <dgruesso@gitlab.com> | 2019-06-04 11:35:58 -0400 |
commit | 8ece105134dfda99ac77f8769643a081f0327f3c (patch) | |
tree | df18fa3e554c5ec3a94ada8d78893588d040bfd2 | |
parent | 59a5974fa8f64999b6ae92f14f66fc455c1c8df1 (diff) | |
download | gitlab-ce-docs-jupyter-git.tar.gz |
Add note about token storage in plain textdocs-jupyter-git
-rw-r--r-- | doc/user/clusters/applications.md | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/user/clusters/applications.md b/doc/user/clusters/applications.md index 3fc79197517..669ed3806ce 100644 --- a/doc/user/clusters/applications.md +++ b/doc/user/clusters/applications.md @@ -166,6 +166,13 @@ is automatically provisioned and configured using the authenticated user's: JupyterLab's Git extension enables full version control of your notebooks as well as issuance of Git commands within Jupyter. Git commands can be issued via the **Git** tab on the left panel or via Jupyter's command line prompt. +NOTE: **Note:** +JupyterLab's Git extension stores the user token in the JupyterHub DB in encrypted format +and in the single user Jupyter instance as plain text. This is because [Git requires storing +credentials as plain text](https://git-scm.com/docs/git-credential-store). Potentially, if +a nefarious user finds a way to read from the file system in the single user Jupyter instance +they could retrieve the token. + ![Jupyter's Git Extension](img/jupyter-git-extension.gif) Clone repositories from the files tab in Jupyter |