[R-pkg-devel] Keeping secrets in R packages

Dirk Eddelbuettel edd at debian.org
Sat Jun 6 01:06:28 CEST 2015

On 5 June 2015 at 15:19, Neal Fultz wrote:
| I am working on updating the RGoogleDocs package to use OAuth2, since the
| old api was recently turned off (at my job we use it as a poor mans
| database).
| As part of the auth process, I need to send google a client key and secret
| in order to gain access to a spreadsheet. Is there a 'safe' place to store
| the secret?
| I would strongly prefer not requiring my end users to have to sign up for
| their own google API keys, but I also do not want to store the secret in
| the clear.
| Any suggestions on best practices?

I am not sure what you can call 'best' but what is getting common for myself
is to source a file below $HOME, ie ~/.somethingrc, on launch.

See for example the CRAN package RPushBullet which also uses an OAuth2


It stores the (JSON-encoded, JSON was already a given in the context) object
in a per-package environment, and for ease of other accessors also stores
them in the global options().


http://dirk.eddelbuettel.com | @eddelbuettel | edd at debian.org

More information about the R-package-devel mailing list