GuidesDiscussionChangelogLog In

Including Sensitive Information

How to use Sensitive Files to manage sensitive information in a Project

There are many reasons that you may wish to control access to information. You should always consult with the relevant staff at your institution, with a consultant or external review organization, etc. as appropriate before sharing your data.

There are several ways to keep your Project free of source data, or the results of operating on such data. Below are some suggestions, but you may discover other approaches! You are invited to join us on our forum to discuss the specifics of your Project.

The Untracked Directories

For your convenience, we have provided pre-configured directories input/untracked, code/untracked, and output/untracked that are already listed in a .gitignore file in the root of each Project. This means any file you place here will not be versioned or synced. Additionally, if you need to place another git repo in your project, this is currently a "safe" location that won't break your Project.

Sensitive Files

Often you may want to use an external database, service, or API to access data. This typically requires some sort of credential or sensitive information that should not be shared. To support this, the Sensitive Files widget can be used.

When adding a Sensitive File, first select the file from your local filesystem. Next enter a desired destination directory inside your Project container. This is where you expect to find the file while running.

The Client will copy the file into your working directory and add the destination to your Project configuration. At runtime, if the Sensitive File exists it will get copied into place. When you sync with a Collaborator, they can see what Sensitive Files are missing and add their own.

An example of configuring a sensitive file (e.g. AWS credentials)An example of configuring a sensitive file (e.g. AWS credentials)

An example of configuring a sensitive file (e.g. AWS credentials)

Preventing the Activity Feed from Capturing Information

You may also want to prevent the contents of cell outputs from showing up. We have implemented a solution currently for Jupyter only where you can include the special comment # gtm:ignore to keep code and outputs from a cell execution out of the activity feed. More detail is provided in the article on Controlling Activity Feed Behavior.

Critically, if you save a notebook file without first clearing outputs or code, that version of the file will be added to the Project's Git history still but figures and results will not be in the activity feed!