Skip to content

[Docs] Document runtime token sidecar pattern#3902

Open
fzhsbc wants to merge 1 commit into
jupyterhub:mainfrom
fzhsbc:docs-runtime-token-sidecar
Open

[Docs] Document runtime token sidecar pattern#3902
fzhsbc wants to merge 1 commit into
jupyterhub:mainfrom
fzhsbc:docs-runtime-token-sidecar

Conversation

@fzhsbc

@fzhsbc fzhsbc commented May 21, 2026

Copy link
Copy Markdown

[Docs] Document runtime token sidecar pattern

Summary

  • adds a vendor-neutral security note for short-lived runtime credentials in single-user pods
  • shows how to combine a Hub service, singleuser.extraContainers, and an in-memory shared volume
  • documents key boundaries: no refresh tokens in user containers, do not trust username-only assertions, and treat shutdown_on_logout as optional

Notes

This is documentation-only. It does not add a new chart feature or prescribe a specific external data authorization service.

Closes #3901

@fzhsbc

fzhsbc commented May 21, 2026

Copy link
Copy Markdown
Author

The docs preview and pre-commit checks passed. The current linkcheck failure appears unrelated to this PR: the failed links are existing external links in pages such as resources/community.md, jupyterhub/customizing/user-environment.md, resources/reference.md, and kubernetes/setup-helm.md. This PR only changes docs/source/administrator/security.md and does not add any external links.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Document a runtime token sidecar pattern for single-user pods

1 participant