🏠 back to Observable

Is there a way to run Observable on my local server

Hi, I would like to know if there is a way to run the Observable Notebook on my local server, similar to Jupyter notebook. I absolutely love using this too, but it just so happens that the data that I work with is very sensitive and I won’t be able to use Observable if it runs on the public server. Is there a way for me to run it locally. I can’t see to find an answer online but building a case for my security team to vet on. And really hoping there is an absolutely secure way to load the data.

Thank you in advance.

Hey Chique!

Have you seen this article about embedding notebooks? It talks about downloading the Observable runtime and might help you out.

Cheers,
Thomas

Hi Chique,
One thing to keep in mind is that your Observable code doesn’t actually ‘run’ on the Observable servers. The code runs in your local browser. Observable only serves the javascript code to your browser to execute.

We have designed it so that it is possible to use securely for work. When using local files, pulling from intranet resources, or connected to self-hosted DatabaseClients, none of your sensitive data touches Observable servers, and it flows directly between your data source and your computer.

I hope that helps and perhaps removes the concerns about authoring your notebooks on Observable.

2 Likes

Hi @Cobus, thank you very much for this information. This is def helpful, and I sincerely hope that my security team will approve of this tool.
So what if I upload csv file into my notebook, are you saying that this data doesn’t live on the public server, but just on my browser and in my computer. Am I understanding this correctly? If so, when I enable the link-sharing and share it with someone, the data would be available for them? That is to say - it still doesn’t live on the public server?

Hi @ChiqueCode,

If you upload a csv file, it will indeed live on the Observable servers, and link sharing will work, but as you say, the file will be on our servers and the link, although secret, would be accessible by anyone.
Think of the csv file as a datasource, and your browser can either access it from your local machine (not uploaded to Observable, see this explanation for how to do that) or pull the data from our fileservers, or any other web-accessible file server which you can control. The important point to remember is that the code or data does not flow through Observable. The javascript code accesses the data directly from your browser.

If your use case requires secure access to a shared csv file I think you should solve that problem first, and then depending on that, you can determine the best access method from Observable. Depending on your workflow, you could even require your collaborators to download the file themselves from wherever you devise, and then use the local file method described earlier to drive your notebook.

Of course, the Observable File Attachment method is the most convenient :grinning: but I understand that you may have other constraints to deal with.

A possible workaround would be to store the data (or a reference, i.e., URL to the data) encrypted within the notebook and require a password as encryption key.

This is the principle by which secure pastebins work: The encryption key to a paste gets passed as hash in the URL. All encryption and decryption happens client-side, the hash itself or the unencrypted data is never sent to the server, allowing for URLs with a key to be shared with others (e.g., “https://observablehq.com/@username/notebook-title#my-secret-password”).

1 Like

Here’s an example of client-side decryption:

2 Likes