Support

Using Keyring

Follow

Note: This feature is currently available only in the RStudio 1.2 Preview.

Keyring is a platform-independent API to access the operating systems credential store. From RStudio 1.2 (currently only available in daily builds), you can use keyring to store secrets using .rs.askForSecret() R function.

Keyring currently supports:

  • Keychain on macOS,
  • Credential Store on Windows,
  • the Secret Service API on Linux, and
  • environment variables on all platforms. Additional storage backends can be added easily.

Installation

OS X and Windows do not require additional software.

For Linux, install the libsecret library, at least version 0.16.

  • Debian/Ubuntu: libsecret-1-dev
  • Recent RedHat, Fedora and CentOS systems: libsecret-devel

Using Keyring

Keyring can be used to store secrets in RStudio using the rstudioapi::askForSecret() function. This is useful and recommended while storing sensitive information like connection passwords and connection strings.

One can retrieve and store a secret with:

secret <- rstudioapi::askForSecret("Test")

Screen_Shot_2018-02-15_at_10.19.25_AM.png

If the keyring package is not installed, the checkbox will be disabled. Keyring can be manually installed using installed.packages("keyring") or by clicking the keyring hyperlink in the dialog and following the installation prompt.

If the user checks the "Remeber using keyring?" checkbox, then subsequent calls to:

secret <- rstudioapi::askForSecret("Test")

will remember the previous value and also retrieve the secret contents.

Screen_Shot_2018-02-15_at_10.18.52_AM.png

To remove a previously stored value, one can uncheck the "Remember using keyring?" checkbox.

Please be aware that while using Keyring to store secrets is secure, once a secret is retrieved from Keyring, the secret is no longer protected. Therefore, once a secret is retrieved from Keyring, avoid: printing, logging or saving your secret; instead, consider passing the unencrypted secret directly to the functions that need access to it. For instance, while connecting to a database, request the secret from Keyring directly in the connection function:

dbConnect(odbc::odbc(), password = rstudioapi::askForSecret("password"))

 

Comments

  • Avatar
    Javier Luraschi

    Correct, while using Keyring to store secrets is secure, once the secret is extracted from Keyring you need to handle the secret carefully. I've added a note in the footer of this article to give some guidance on what not to do once a secret is extracted from Keyring.