-
Notifications
You must be signed in to change notification settings - Fork 135
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is there a way to hide the "token = os.getenv('MAPBOX_ACCESS_TOKEN')" #175
Comments
Hi @dprophet |
The problem with MAPBOX_ACCESS_TOKEN is that token can be viewed via os.environ. In a hosted Jupyter environment, like a Docker container, the access token must not be exposed to the user. |
I'm not sure if this works for your use case, but it sounds like you could avoid supplying the MAPBOX_ACCESS_TOKEN via your hosted notebook at all and require the user to sign up for a free token from Mapbox that they would then supply to the viz constructor directly? Otherwise, I think this requires use of the Mapboxgl JavaScript library tokens api (https://docs.mapbox.com/api/accounts/#tokens). Maybe @ryanbaumann has more insight on this? |
MAPBOX_ACCESS_TOKEN is bad. All I need to do is print the environment variables and its exposed. Commercial usage of MAPBOX_ACCESS_TOKEN can be quite expensive. |
@dprophet we should update the examples to not use an environment variable - you can simply pass your mapbox access token as a variable to the map viz initialization i.e.
|
In all of the example notebooks you get the mapbox token from the environment like so
"token = os.getenv('MAPBOX_ACCESS_TOKEN')"
If we used a hosted Jupyter notebook environment we certainly dont want to pass our Mapbox token around to users. How do make the token part of the install/Jupyter platform not part of the notebook runtime?
The text was updated successfully, but these errors were encountered: