[R-pkg-devel] Keeping secrets in R packages

Greg Snow 538280 at gmail.com
Sun Jun 7 18:10:54 CEST 2015

If you just want to protect the secret from casual view (but don't
need strong encryption), then you could just use a basic
encryption/decryption algorithm, include the encrypted secret in the
package and have the function decrypt it before sending.  See the
"petals" function in the TeachingDemos package for one simple example
of doing this.  This would not be strong encryption, an intermediate
level R programmer would be able to print the secret in plain text,
but it does protect from accidental or casual viewing (anyone seeing
it would have to have deliberately set out to do so and would not be
able to claim that they just accidentally saw it).  This is fairly
quick, easy, and self contained in the package.

On Fri, Jun 5, 2015 at 4:19 PM, Neal Fultz <nfultz at gmail.com> wrote:
> I am working on updating the RGoogleDocs package to use OAuth2, since the
> old api was recently turned off (at my job we use it as a poor mans
> database).
> As part of the auth process, I need to send google a client key and secret
> in order to gain access to a spreadsheet. Is there a 'safe' place to store
> the secret?
> I would strongly prefer not requiring my end users to have to sign up for
> their own google API keys, but I also do not want to store the secret in
> the clear.
> Any suggestions on best practices?
> -Neal Fultz
>         [[alternative HTML version deleted]]
> ______________________________________________
> R-package-devel at r-project.org mailing list
> https://stat.ethz.ch/mailman/listinfo/r-package-devel

Gregory (Greg) L. Snow Ph.D.
538280 at gmail.com

More information about the R-package-devel mailing list