We have deployed JupyterHub to Kubernetes. I am trying to understand how git authentication would work in this environment. For example, our users need to push and pull from a private github repo to persist notebook files. What would be the best practice for this? Ideally, we would not want the user to enter their user / password every time they do a push or pull from a private repo. Here are the options we are considering:
Have the user upload their ssh keys to the container where the Jupyter Notebook server is running.
Similarly, install a git credential manager along with JupyterHub on the Kubernetes Pod like https://github.com/git-ecosystem/git-credential-manager and have them their persist their creds using that.
Another person suggested that you could use OIDC when authenticating into the Jupyter Hub pod to also authenticate to Git, and then use that auth. Is that a viable approach? In that flow it's not clear to me how Git would access the auth creds when doing the git operations (from either the Jupyter Notebook extension or the command line) But it would be great if there's a way it could be automatic and the user would not need to go through the extra step of storing their credentials in the pod.
Are any of the above the recommended option, or is there another approach we should consider? Thanks.
I have run JupyterHub and tried the SSH key approach, though it is made trickier by the fact that I couldn't copy and paste from my clipboard to the server command line (even though I enabled it in Chrome).
