Hubs and secret management - Launch Week 1 - Day 3
Welcome to the third day of Livebook Launch Week! 🎉
In today’s post, we’ll explore the new security features in Livebook 0.9, including the introduction of Hubs for centralized secret management and notebook stamping to enhance user experience while maintaining security.
We’ll also give you a sneak peek into the upcoming Livebook Teams product, designed to streamline the experience of using Livebook within a team.
Let’s dive in and discover how these features can improve your workflow and secure your notebooks!
What’s wrong with computational notebooks?
Throughout the development of Livebook, one of the sources that informed our roadmap was a paper published in 2020 called “What’s Wrong with Computational Notebooks? Pain Points, Needs, and Design Opportunities”. The paper shows that computational notebook users face numerous pain points while using that kind of tool. One of those problems is security.
The paper defines that problem as follows:
Maintaining data confidentiality and access control is an ad hoc, manual process where errors can leak private client data
Here’s a quote about that problem by one of the people interviewed by the researchers:
We are missing a more private way of handling credentials. I don’t want client credentials be visible to others
To address that pain point, we added built-in secret management to Livebook since version 0.7.
Livebook’s built-in secret management allows your notebook to use sensitive data without hardcoding it. For example, imagine your notebook needs to use a password-protected API; this is how you’d save that password using Livebook Secrets from version 0.7:
As you create more and more notebooks and more secrets, you’ll eventually want to see all the secrets you created. But before Livebook 0.9, the only way to see all the secrets you configured was inside a notebook.
Now, we have a better way.
Livebook Hubs
This new Livebook release introduces a concept we’re calling Hubs.
Every new Livebook installation comes with a default personal Hub. This is the place where Livebook will save your secrets and where you can manage all of them. Let’s see how it works.
But a Hub is not only a place to centralize your secrets. When you visit your personal Hub, you’ll notice another section called Stamping.
Notebook stamping
Before explaining this feature, let’s discuss why we created it.
Imagine the following scenario. You have a secret in your Livebook called “API_PASSWORD.” If you download a notebook from the internet, you don’t want that secret to be accessible by that notebook by default. That’s why you must explicitly share a Livebook secret with a notebook.
But what if you were opening a notebook you created and had already shared secrets with that notebook? Although you already trust that notebook, Livebook would still make you explicitly share secrets with it every single time you open it. Let’s watch a video that illustrates that UX problem:
Enters notebook stamping.
Livebook 0.9 automatically stamps your notebooks so you don’t need to share a secret more than once with a notebook you trust. The notebook stamp contains the list of the secret names you explicitly shared with the notebook, and it’s encrypted using your secret key saved in your personal Hub.
Let’s see a video of how that new feature improves the UX of Livebook Secrets.
We also use the notebook source itself to generate the stamp, so someone can’t get your stamp and go stamping other notebooks, pretending it’s yours.
Since the stamping uses the secret key saved in your personal Hub, if you’re using Livebook on multiple machines and want to share notebooks between them, you can configure them with the same secret key.
With this update to Livebook’s security capabilities, we aim to ensure users can enjoy a secure working environment without compromising on ease of use.
But there’s still one problem left. What if you’re working in a team and you want to share secrets among team members? You don’t want to share your personal secret key; it’s yours. Enters Livebook Teams.
Livebook Teams
Livebook Teams is a paid product we’re developing that will streamline the experience of using Livebook within a team.
Livebook Teams is not a different version of Livebook. Instead, it is a Hub that all of your team members and colleagues connect to in order to work together.
It will manage all the Livebook Secrets shared by your team and be responsible for stamping all the notebooks that belong to your group, so you can safely share secrets and notebooks among team members.
We have a lot of features planned for Livebook Teams, it’s not only about security and secret management. It will also enable your team to:
- deploy notebooks inside your company
- schedule and audit notebook execution
- authentication and authorization of team members
And there’s a lot more coming!
If using Livebook inside your company sounds interesting to you, please submit our form to help us to inform our roadmap and get updates about it.
What now?
We encourage you to go ahead and install Livebook’s latest version so you can have a better user experience while maintaining the security of your notebooks.
And if you have any comments or want to share what you’ve built using Livebook, you can tweet using the #LivebookLaunchWeek hashtag.
Stay tuned for the following announcement of the Livebook Launch Week!