Hey everyone! I'm curious about how developers usually secure their notebooks and ensure they maintain good security hygiene. Recently, I scanned through around 5000 random notebooks on GitHub and found almost 30 AWS, OpenAI, Hugging Face, and Google keys, even though they were inactive. How do you all manage to keep your notebooks secure?
4 Answers
Devs and hygiene? That's a funny combination! /s
I'm not a developer myself, but I always make sure not to store any secrets in plain text anywhere that could become public. It's a good practice to avoid issues altogether.
That's definitely a wise approach!
Honestly, pre-commit hooks are essential in this process. Anything beyond that is really just trusting that everyone follows the rules, which doesn't always happen.
What about using automation tools to help with these tasks? Any recommendations?
To keep notebooks secure, we generally follow the same principles as we do for all code. Using private repositories is key, and we avoid hardcoding secrets directly in the code. It's also important to use secret management tools that are easy to integrate and secure. Implementing pre-commit hooks to check for any exposed secrets is a must, and automating alerts for when a secret is detected can help us react quickly.
Do you happen to use any specific tools like NB Defense from ProtectAI for that?
In a collaborative space like this, maybe we could focus less on critiquing and more on constructive advice. Just a thought!