Using gh-scoped-creds to securely push changes to Github repository#
GitHub Scoped Credentials#
Purpose:#
gh-scoped-creds allows instructors and students using Datahub to securely push changes to specific GitHub repositories without exposing broader access or long-term credentials.
Goals:#
Secure Repository Access: Users can push only to specific repositories.
Temporary Credentials: No long-term storage of sensitive data.
Admin Control: GitHub organization admins manage which repositories can be accessed.
How It Works:#
GitHub App: A GitHub app is created for Datahub.
Temporary Tokens: Use the command line tool
gh-scoped-creds
to get a temporary push token.Integration: Use
%ghscopedcreds
in Jupyter notebooks for easy access.
Requesting Access/Installation:#
Install the GithHub App:
Reach out to infra admins inorder to get the URL for the GitHub app that you need to install. Click the green button “install” after navigating to the app URL to install the app. Eg: Here is the list of GitHub apps created for varied hubs.
Select specific repositories for which you want to grant read and write access.
Add gh-scoped-creds Package to Hub Image:
Request admins to add
gh-scoped-creds
to the hub’s image by specifying the hub you are using via this template. Here is a sample request for addinggh-scoped-creds
in Data100 hub.
Using the Tool:#
Run the Tool:
gh-scoped-creds
Follow the instructions to authenticate and obtain a temporary token.
In Jupyter Notebook:
import gh_scoped_creds %ghscopedcreds
Authenticate as prompted.
Security Notes:#
Authentication lasts for 8 hours.
Regularly update permissions to ensure security.
Troubleshooting:#
Check the GitHub App settings for correct permissions.
For more details, visit the GitHub repository.