[R-pkg-devel] Submission to CRAN when package needs personal data (API key)

Rainer Krug R@iner @ending from krug@@de
Wed Sep 5 09:28:31 CEST 2018


I have a package at GitHub (https://github.com/rkrug/ROriginStamp) which I am pre[paring for CRAN.

It creates a trusted timestamp using the API fro OriginStamp (https://originstamp.org/home) which requires an API key. Now this API should not be made public, as to much traffic through one API key will lead to it’s blocking.

I have stored the key encrypted in the travis.yml, and the package passes all tests.

But if I send it to CRAN, it would fail the tests, as the api key is not in the package itself.

I could disable all tests for CRAN which need the API key, but I think it would be better tu run the tests there as well (as an additional check to travis).

My question:

Is there a way of storing the API key encrypted, so that only the CRAN test servers can decrypt it, or is there another way can steal with this?



Rainer M. Krug, PhD (Conservation Ecology, SUN), MSc (Conservation Biology, UCT), Dipl. Phys. (Germany)

University of Zürich

Cell:       +41 (0)78 630 66 57
email:      Rainer using krugs.de
Skype:      RMkrug

PGP: 0x0F52F982

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: Message signed with OpenPGP
URL: <https://stat.ethz.ch/pipermail/r-package-devel/attachments/20180905/6c66a463/attachment.sig>

More information about the R-package-devel mailing list