Hi, I would like to know if there is a way to run the Observable Notebook on my local server, similar to Jupyter notebook. I absolutely love using this tool, but it just so happens that the data that I work with is very sensitive and I won’t be able to use Observable if it runs on the public server. Is there a way for me to run it locally? I can’t seem to find an answer online but building a case for my security team to vet on. And really hoping there is an absolutely secure way to load the data.
Hi Chique,
One thing to keep in mind is that your Observable code doesn’t actually ‘run’ on the Observable servers. The code runs in your local browser. Observable only serves the JavaScript code to your browser to execute.
We have designed it so that it is possible to use securely for work. When using local files, pulling from intranet resources, or connected to self-hosted DatabaseClients, none of your sensitive data touches Observable servers, and it flows directly between your data source and your computer.
I hope that helps and perhaps removes the concerns about authoring your notebooks on Observable.
Hi @Cobus, thank you very much for this information. This is def helpful, and I sincerely hope that my security team will approve of this tool.
So what if I upload a csv file into my notebook, are you saying that this data doesn’t live on the public server, but just on my browser and in my computer? Am I understanding this correctly? If so, when I enable the link-sharing and share it with someone, the data would be available for them? That is to say - it still doesn’t live on the public server?
If you upload a csv file, it will indeed live on the Observable servers, and link sharing will work, but as you say, the file will be on our servers and the link, although secret, would be accessible by anyone.
Think of the csv file as a datasource, and your browser can either access it from your local machine (not uploaded to Observable, see this explanation for how to do that) or pull the data from our fileservers, or any other web-accessible file server which you can control. The important point to remember is that the code or data does not flow through Observable. The JavaScript code accesses the data directly from your browser.
If your use case requires secure access to a shared csv file I think you should solve that problem first, and then depending on that, you can determine the best access method from Observable. Depending on your workflow, you could even require your collaborators to download the file themselves from wherever you devise, and then use the local file method described earlier to drive your notebook.
Of course, the Observable File Attachment method is the most convenient but I understand that you may have other constraints to deal with.
A possible workaround would be to store the data (or a reference, i.e., URL to the data) encrypted within the notebook and require a password as encryption key.
This is the principle by which secure pastebins work: The encryption key to a paste gets passed as hash in the URL. All encryption and decryption happens client-side, the hash itself or the unencrypted data is never sent to the server, allowing for URLs with a key to be shared with others (e.g., “https://observablehq.com/@username/notebook-title#my-secret-password”).
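The scheme described in the post above, as an added example that is not code from any poster in this thread or from Observable: the payload is encrypted with a key derived from a password, and the password travels only in the URL fragment. The function names, the `salt || iv || ciphertext` blob layout and the PBKDF2 iteration count are assumptions made for this sketch.

```javascript
// Browsers and recent Node expose globalThis.crypto; older Node needs the fallback.
const webCrypto = globalThis.crypto ?? require("node:crypto").webcrypto;
const ITERATIONS = 600000; // assumed PBKDF2 work factor, not a value from the thread

// Derive an AES-256-GCM key from the password and a per-blob random salt.
async function deriveKey(password, salt) {
  const material = await webCrypto.subtle.importKey(
    "raw", new TextEncoder().encode(password), "PBKDF2", false, ["deriveKey"]);
  return webCrypto.subtle.deriveKey(
    { name: "PBKDF2", hash: "SHA-256", salt, iterations: ITERATIONS },
    material, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Returns base64(salt[16] || iv[12] || ciphertext+tag), suitable for pasting into a cell.
async function encryptForNotebook(plaintext, password) {
  const salt = webCrypto.getRandomValues(new Uint8Array(16));
  const iv = webCrypto.getRandomValues(new Uint8Array(12));
  const key = await deriveKey(password, salt);
  const ct = new Uint8Array(await webCrypto.subtle.encrypt(
    { name: "AES-GCM", iv }, key, new TextEncoder().encode(plaintext)));
  const blob = new Uint8Array([...salt, ...iv, ...ct]);
  let binary = "";
  for (const byte of blob) binary += String.fromCharCode(byte);
  return btoa(binary);
}

// Rejects (GCM tag mismatch) if the password is wrong or the blob was modified.
async function decryptFromNotebook(blobB64, password) {
  const blob = Uint8Array.from(atob(blobB64), (c) => c.charCodeAt(0));
  const key = await deriveKey(password, blob.slice(0, 16));
  const pt = await webCrypto.subtle.decrypt(
    { name: "AES-GCM", iv: blob.slice(16, 28) }, key, blob.slice(28));
  return new TextDecoder().decode(pt);
}

// The fragment (text after '#') is not included in HTTP requests to the server.
function passwordFromUrl(url) {
  return decodeURIComponent(new URL(url).hash.slice(1));
}
```

The fragment stays out of HTTP requests but is kept in browser history and anywhere the full link is pasted, so the link itself has to be handled as the secret.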
I think as a counterpoint here - you talk about sensitive data running only on your browser.
But for us, the code and the identifiers even are sensitive.
Knowing what sectors and securities we look at - the parameters we’d pass to our data source - is exactly what we don’t want.
And yes you can do client side encryption and decryption - but it adds to the friction of giving this to our analysts, who want to write queries, discover answers, and publish to portfolio managers to use.
We sit with the same issue with Power BI, and we happily pay the extra enterprise licence to Microsoft to have the privilege of running Power BI on premise as part of Power BI Report Server, and as mentioned in another forum, we (and many other enterprises) would pay for the privilege to do so here.