Add instructions to securely manage token #2322

Open
wants to merge 12 commits into
base: main

abbycross
Collaborator

Closes #2255

@abbycross
Collaborator Author

I've added this content into a twistie in the requested spots. I wonder about potential confusion around the nesting, though - particularly on the functions page, where two similar code blocks appear one after the other when the twistie is opened. An alternative would be to separate this information out into a separate page, and simply point to that page from the three requested spots. Does this merit a separate page or is it working in-context? Thoughts @beckykd @javabster @pandasa123 ?

@beckykd
Collaborator

beckykd commented Nov 15, 2024

> confusion around the nesting

I wonder if it would make more sense to move the twistie after the save_account code block.

You could also separate the information into another section so it stands out better.

(Optional) Save your account information

You can optionally use the save_account() method or environment variables...

save account method

environment variables

@abbycross
Collaborator Author

> > confusion around the nesting
>
> I wonder if it would make more sense to move the twistie after the save_account code block.
>
> You could also separate the information into another section so it stands out better.
>
> (Optional) Save your account information
>
> You can optionally use the save_account() method or environment variables...
>
> save account method
>
> environment variables

I like this idea to move save-account info into its own section - I'll mock it up.

@qiskit-bot
Contributor

One or more of the following people are relevant to this code:

Collaborator

@pandasa123 pandasa123 left a comment

LGTM

```python
import os
from qiskit_ibm_catalog import QiskitFunctionsCatalog
```

Collaborator

This example is only relevant for Functions, which not everyone uses. Should this code sample be for Runtime? And then Functions is a subsection?

Collaborator Author

@pandasa123 we could use a Runtime code sample for the setup-channel page, and then use the one you provided for the Functions page (adding a separate section there). Sound ok?

Collaborator Author

Actually, just spoke to Sanket in-person, who says it should work even when not using functions.

Collaborator

But on https://docs.quantum.ibm.com/guides/install-qiskit we don't say to install qiskit-ibm-catalog, and there is no reason to install it unless you're using Functions.

Collaborator Author

@pandasa123 ⬆️

Collaborator

> Actually, just spoke to Sanket in-person,

Just casually making us jealous...

Member

@frankharkins frankharkins left a comment

Honest question: How is this more secure? Any process that can read files can get the environment variable, and the environment variable is still plaintext. Would be nice to add a line explaining why.

@Eric-Arellano
Collaborator

> How is this more secure? Any process that can read files can get the environment variable, and the environment variable is still plaintext. Would be nice to add a line explaining why.

Storing secrets in source code is extremely dangerous because source code gets checked into version control like Git. With reading from an environment variable, it is true that any process with access to os.environ can access it - however it's at least not in version control.

@frankharkins
Member

> Storing secrets in source code is extremely dangerous

Yes but that's not the alternative. We're proposing environment variables as an alternative to storing in a config file (~/.qiskit/qiskit-ibm.json). I don't see how it's much different from putting your token in a .envrc.

@abbycross
Collaborator Author

@Eric-Arellano @pandasa123 I used tabs to demo the two ways to accomplish this. Do the tab labels make sense? (I used "Within Qiskit Runtime" and "Within Qiskit Functions")
https://qiskit.github.io/documentation/pr-2322/guides/setup-channel#securely-manage-your-token

@pandasa123
Collaborator

pandasa123 commented Nov 18, 2024

> Yes but that's not the alternative. We're proposing environment variables as an alternative to storing in a config file (~/.qiskit/qiskit-ibm.json). I don't see how it's much different from putting your token in a .envrc.

I don't fully disagree, but the number of people who share notebooks with their API token embedded inside is incredibly high. We should be telling them how to better handle their tokens

> Do the tab labels make sense?

Yep
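
An added example, not part of the pull request or of any comment in this thread: a pre-share check for the failure mode discussed above, a notebook saved with the API token typed into a call. It parses each code cell and reports calls whose `token=` argument is a string literal; the sample notebook, the placeholder token, the helper `code_cell` and the environment variable name `IBM_TOKEN_EXAMPLE` are constructed for illustration.

```python
import ast
import json

def find_hardcoded_tokens(notebook_json: str) -> list:
    """Return (cell_index, line, callee) for every call passing token="<literal>"."""
    findings = []
    for idx, cell in enumerate(json.loads(notebook_json).get("cells", [])):
        if cell.get("cell_type") != "code":
            continue
        src = cell.get("source", "")
        src = "".join(src) if isinstance(src, list) else src
        # Blank out IPython magics and shell escapes; they are not valid Python.
        # Blanking (not deleting) keeps the reported line numbers accurate.
        src = "\n".join("" if ln.lstrip().startswith(("%", "!")) else ln
                        for ln in src.splitlines())
        try:
            tree = ast.parse(src)
        except SyntaxError:
            continue  # unparseable cell: skipped here, review it by hand
        for node in ast.walk(tree):
            if not isinstance(node, ast.Call):
                continue
            for kw in node.keywords:
                val = kw.value
                if (kw.arg == "token" and isinstance(val, ast.Constant)
                        and isinstance(val.value, str) and val.value):
                    findings.append((idx, val.lineno, ast.unparse(node.func)))
    return findings

def code_cell(*lines):
    """Build a minimal nbformat-4 code cell (helper for the constructed sample)."""
    return {"cell_type": "code", "metadata": {}, "outputs": [],
            "execution_count": None, "source": [ln + "\n" for ln in lines]}

# Constructed sample notebook; the token value is a placeholder and the
# environment variable name IBM_TOKEN_EXAMPLE is hypothetical.
SAMPLE_NOTEBOOK = json.dumps({"nbformat": 4, "nbformat_minor": 5, "metadata": {}, "cells": [
    {"cell_type": "markdown", "metadata": {}, "source": ["# Setup\n"]},
    code_cell("%pip install qiskit-ibm-catalog",
              "from qiskit_ibm_catalog import QiskitFunctionsCatalog",
              'catalog = QiskitFunctionsCatalog(token="PLACEHOLDER-NOT-A-REAL-TOKEN")'),
    code_cell("import os",
              "from qiskit_ibm_catalog import QiskitFunctionsCatalog",
              'catalog = QiskitFunctionsCatalog(token=os.environ["IBM_TOKEN_EXAMPLE"])'),
]})

if __name__ == "__main__":
    for cell, line, callee in find_hardcoded_tokens(SAMPLE_NOTEBOOK):
        print(f"cell {cell}, line {line}: literal token passed to {callee}()")
```

The check only inspects cell source; a token echoed into a cell's saved output would need a separate scan of the `outputs` field.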

Successfully merging this pull request may close these issues.

Update guidance to manage tokens in environment, rather than plaintext