You can now write secrets into your subdomain with:
For security, you need to prove your uid has write access via a DNS-01-like challenge:
You can inject secret values into serverside cells, so the secret value is never exposed to the end user of the notebook!
This enables OAuth 2.0 integrations in public notebooks and a ton more.
Just to prove how fricken’ powerful this is, I wrote the secrets API and the subdomain challenge infrastructure IN PURE OBSERVABLE CODE!!! You can see how it is all implemented yourself.
Man, it was tough. The GCP SDKs do not work in a browser context, so I had to figure out how to mint an access token from a service account manually, so the serverside cells can issue security credentials. BUT IT CAN BE DONE AND IT HAS BEEN DONE.
The secrets manager API is a CRUD Express router… all programmed within Observable cells. The sky is the limit!
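For readers wondering what minting a token without the SDK involves, here is an added example (not the notebook's own code) of Google's documented service-account flow: sign a JWT with the account's private key, then POST it to the OAuth token endpoint. It runs offline in Node.js; the key pair, service-account e-mail and scope are constructed for the demonstration, and the notebook may do this differently.

```javascript
const crypto = require('node:crypto');

const TOKEN_URL = 'https://oauth2.googleapis.com/token';
const b64url = (x) => Buffer.from(x).toString('base64url');

// Build and RS256-sign the JWT assertion for a service account.
function buildAssertion(sa, scope, nowSec = Math.floor(Date.now() / 1000)) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const claims = {
    iss: sa.client_email, // the service account identifies itself
    scope,                // request only the scopes the cell needs
    aud: TOKEN_URL,       // binds the assertion to the token endpoint
    iat: nowSec,
    exp: nowSec + 3600,   // Google accepts at most one hour
  };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(input), sa.private_key);
  return `${input}.${sig.toString('base64url')}`;
}

// Form body to POST to TOKEN_URL; the JSON response carries access_token.
function tokenRequestBody(assertion) {
  return new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    assertion,
  }).toString();
}

// Check the signature the way the token endpoint would; null if it fails.
function verifyAssertion(jwt, publicKey) {
  const [h, c, s] = jwt.split('.');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${c}`),
    publicKey, Buffer.from(s, 'base64url'));
  return ok ? JSON.parse(Buffer.from(c, 'base64url').toString()) : null;
}

// Constructed service account: throwaway key and made-up e-mail.
const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoSa = {
  client_email: 'demo-sa@example-project.iam.gserviceaccount.com',
  private_key: privateKey.export({ type: 'pkcs8', format: 'pem' }),
};
const DEMO_SCOPE = 'https://www.googleapis.com/auth/cloud-platform'; // assumed scope

const demoJwt = buildAssertion(demoSa, DEMO_SCOPE, 1700000000);
console.log(tokenRequestBody(demoJwt).slice(0, 80) + '...');
```

The private key never leaves the signing side, which is why this step belongs in a serverside cell and only the short-lived access token is used afterwards.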