[R-pkg-devel] Keeping secrets in R packages
Dirk Eddelbuettel
edd at debian.org
Sat Jun 6 01:06:28 CEST 2015
On 5 June 2015 at 15:19, Neal Fultz wrote:
| I am working on updating the RGoogleDocs package to use OAuth2, since the
| old api was recently turned off (at my job we use it as a poor mans
| database).
|
| As part of the auth process, I need to send google a client key and secret
| in order to gain access to a spreadsheet. Is there a 'safe' place to store
| the secret?
| I would strongly prefer not requiring my end users to have to sign up for
| their own google API keys, but I also do not want to store the secret in
| the clear.
|
| Any suggestions on best practices?
I am not sure what you can call 'best' but what is getting common for myself
is to source a file below $HOME, ie ~/.somethingrc, on launch.
See for example the CRAN package RPushBullet which also uses an OAuth2
interface:
https://github.com/eddelbuettel/rpushbullet/blob/master/R/init.R#L21-L38
It stores the (JSON-encoded, JSON was already a given in the context) object
in a per-package environment, and for ease of other accessors also stores
them in the global options().
Dirk
--
http://dirk.eddelbuettel.com | @eddelbuettel | edd at debian.org
More information about the R-package-devel
mailing list