Hi, I would like to know if there is a way to run the Observable Notebook on my local server, similar to Jupyter notebook. I absolutely love using this too, but it just so happens that the data that I work with is very sensitive and I won’t be able to use Observable if it runs on the public server. Is there a way for me to run it locally. I can’t see to find an answer online but building a case for my security team to vet on. And really hoping there is an absolutely secure way to load the data.
Thank you in advance.
Have you seen this article about embedding notebooks? It talks about downloading the Observable runtime and might help you out.
We have designed it so that it is possible to use securely for work. When using local files, pulling from intranet resources, or connected to self-hosted DatabaseClients, none of your sensitive data touches Observable servers, and it flows directly between your data source and your computer.
I hope that helps and perhaps removes the concerns about authoring your notebooks on Observable.
Hi @Cobus, thank you very much for this information. This is def helpful, and I sincerely hope that my security team will approve of this tool.
So what if I upload csv file into my notebook, are you saying that this data doesn’t live on the public server, but just on my browser and in my computer. Am I understanding this correctly? If so, when I enable the link-sharing and share it with someone, the data would be available for them? That is to say - it still doesn’t live on the public server?
If you upload a csv file, it will indeed live on the Observable servers, and link sharing will work, but as you say, the file will be on our servers and the link, although secret, would be accessible by anyone.
If your use case requires secure access to a shared csv file I think you should solve that problem first, and then depending on that, you can determine the best access method from Observable. Depending on your workflow, you could even require your collaborators to download the file themselves from wherever you devise, and then use the local file method described earlier to drive your notebook.
Of course, the Observable File Attachment method is the most convenient but I understand that you may have other constraints to deal with.
A possible workaround would be to store the data (or a reference, i.e., URL to the data) encrypted within the notebook and require a password as encryption key.
This is the principle by which secure pastebins work: The encryption key to a paste gets passed as hash in the URL. All encryption and decryption happens client-side, the hash itself or the unencrypted data is never sent to the server, allowing for URLs with a key to be shared with others (e.g., “https://observablehq.com/@username/notebook-title#my-secret-password”).
Here’s an example of client-side decryption:
I think as a counter point here - you talk about sensitive data running only on your browser.
But for us, the code and the identifiers even are sensitive.
Knowing what sectors and securities we look at - the parameters we’d pass to our data source - is exactly what we don’t want.
And yes you can do client side encryption and decryption - but it adds to the friction of giving this to our analysts, who want to write queries, discover answers, and publish to portfolio managers to use
We sit with the same issue with Power BI, and we happily pay the extra enterprise licence to Microsoft to have the privilege of running power BI on premise as part of power BI report server, and as mentioned in another forum, we (and many other enterprises) would pay for the privilege to do so here