[R-pkg-devel] Keeping secrets in R packages
Thanks everyone for the replies. Here's a brief overview of my current plan for what to do with the parts of the three way handshake : 1. Client id / secret can/should go in the package, unlike passwords 2. Authorization code is used immediately and discarded 3. Token is cached out to a dotfile, and reread into a package variable in .onAttach With a little extra code to deal with expired tokens, I should be able get our daily cron jobs back up.
On Sun, Jun 7, 2015 at 9:10 AM, Greg Snow <538280 at gmail.com> wrote:
If you just want to protect the secret from casual view (but don't need strong encryption), then you could just use a basic encryption/decryption algorithm, include the encrypted secret in the package and have the function decrypt it before sending. See the "petals" function in the TeachingDemos package for one simple example of doing this. This would not be strong encryption, an intermediate level R programmer would be able to print the secret in plain text, but it does protect from accidental or casual viewing (anyone seeing it would have to have deliberately set out to do so and would not be able to claim that they just accidentally saw it). This is fairly quick, easy, and self contained in the package. On Fri, Jun 5, 2015 at 4:19 PM, Neal Fultz <nfultz at gmail.com> wrote:
I am working on updating the RGoogleDocs package to use OAuth2, since the old api was recently turned off (at my job we use it as a poor mans database). As part of the auth process, I need to send google a client key and
secret
in order to gain access to a spreadsheet. Is there a 'safe' place to
store
the secret?
I would strongly prefer not requiring my end users to have to sign up for
their own google API keys, but I also do not want to store the secret in
the clear.
Any suggestions on best practices?
-Neal Fultz
[[alternative HTML version deleted]]
______________________________________________ R-package-devel at r-project.org mailing list https://stat.ethz.ch/mailman/listinfo/r-package-devel
-- Gregory (Greg) L. Snow Ph.D. 538280 at gmail.com