
🔐 Secure sharing of sensitive information in R packages

Allow sharing sensitive information, for example passwords, 'API' keys, etc., in R packages, using public key cryptography.

Disclaimer

  1. Although the package authors did what they could to make sure that the package is secure and cryptographically sound, they are not security experts.

  2. Memory areas for secrets, user passwords, passphrases, private keys and other sensitive information are not securely cleaned after use! Technically, the local R process and other processes on the same computer may have access to them. Never use this package on a public computer or any system that you don't trust. (Actually, never typing in any password on a public computer is good security practice in general.)

  3. Use this package at your own risk!

Installation

Install the package from CRAN:

install.packages("secret")

Usage

Load the package:

library(secret)

Set up your keys:

Ensure you know the location of your public and private keys. On Linux this is usually the folder ~/.ssh, so on Windows you may want to choose the same folder.

By default, the package looks for your private key at

  1. ~/.ssh/id_rsa
  2. ~/.ssh/id_rsa.pem.

You can change this default by setting an environment variable USER_KEY:

# This is optional - only do this if you want to change the default location
Sys.setenv(USER_KEY = "path/to/private/key")

Test that the package can read your key. This might fail if you don't have a key at ~/.ssh/id_rsa, or if your private key has a passphrase and R is running in non-interactive mode.

library(secret)
try(local_key(), silent = TRUE)
# Please enter private key passphrase:
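
A pre-flight check for the key location described above, as an added example that is not part of the secret package or its README. The helper names `resolve_user_key()` and `key_is_owner_only()` are hypothetical, and the lookup order is an assumption that mirrors the documented behaviour (USER_KEY first, then the two default paths) rather than the package's own code.

```r
# Added example: resolve the private key in the order the README documents
# (USER_KEY override first, then the two defaults) and check its file mode.
resolve_user_key <- function() {
  override <- Sys.getenv("USER_KEY", unset = "")
  candidates <- if (nzchar(override)) {
    override
  } else {
    c("~/.ssh/id_rsa", "~/.ssh/id_rsa.pem")
  }
  candidates <- path.expand(candidates)
  found <- candidates[file.exists(candidates)]
  if (length(found) == 0) {
    stop("No private key found at: ", paste(candidates, collapse = ", "))
  }
  found[[1]]
}

# TRUE only if no group/other permission bits are set (POSIX modes; on
# Windows file.info() does not report meaningful permission bits).
key_is_owner_only <- function(path) {
  mode <- as.integer(file.info(path)$mode)
  bitwAnd(mode, strtoi("077", base = 8L)) == 0L
}

# Constructed demonstration with a throwaway file standing in for a key.
demo_key <- tempfile(fileext = ".pem")
writeLines("constructed placeholder, not a real key", demo_key)
old <- Sys.getenv("USER_KEY", unset = NA)
Sys.setenv(USER_KEY = demo_key)

Sys.chmod(demo_key, mode = "0644", use_umask = FALSE)
loose <- key_is_owner_only(resolve_user_key())
Sys.chmod(demo_key, mode = "0600", use_umask = FALSE)
tight <- key_is_owner_only(resolve_user_key())
print(c(mode_0644 = loose, mode_0600 = tight))

# Restore the caller's environment and remove the placeholder file.
if (is.na(old)) Sys.unsetenv("USER_KEY") else Sys.setenv(USER_KEY = old)
unlink(demo_key)
```

Run `key_is_owner_only(resolve_user_key())` before the first `local_key()` call in a session; a FALSE result means other accounts on the machine can read the private key file.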

Create a vault:

You can create a vault by using create_vault()

vault <- file.path(tempdir(), ".vault")
dir.create(vault)
create_vault(vault)

A vault consists of two folders for:

  • users: contains users and their public keys
  • secrets: contains the encrypted secrets

dir(vault)
# [1] "README"  "secrets" "users"

Alternatively, you can create a vault in an R package:

pkg_root <- "/path/to/package"
create_package_vault(pkg_root)

Add users to the vault:

To add a user to the vault, you have to know their public key.

The secret package contains some public and private keys you can use for demonstration purposes.

key_dir <- file.path(system.file(package = "secret"), "user_keys")
alice_public_key <- file.path(key_dir, "alice.pub")
alice_private_key <- file.path(key_dir, "alice.pem")
openssl::read_pubkey(alice_public_key)
# [2048-bit rsa public key]
# md5: 1d858d316afb8b7d0efd69ec85dc7174

Add the public key of Alice to the vault:

add_user("alice", alice_public_key, vault = vault)

Add a secret using your public key.

A secret can be any R object - this object will be serialised and then encrypted to the vault.

secret_to_keep <- c(password = "my_password")
add_secret("secret_one", secret_to_keep, users = "alice", vault = vault)

Decrypt a secret by providing your private key:

You can decrypt a secret if you have the private key that corresponds to the public key that was used to encrypt the secret.

get_secret("secret_one", key = alice_private_key, vault = vault)
#      password 
# "my_password"
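
The per-user access model in the steps above, carried through with a second user, as an added example that is not part of the original README. It goes beyond the calls shown on this page by using the package's `list_owners()`, `share_secret()` and `unshare_secret()` functions; the vault path, the freshly generated key pairs, the secret name and the hypothetical helper `new_keypair()` are constructed for the demonstration.

```r
library(secret)

# Constructed throwaway vault; nothing here touches ~/.ssh.
vault <- file.path(tempdir(), "demo_vault")
dir.create(vault)
create_vault(vault)

# Hypothetical helper: generate an RSA key pair and write both halves as PEM.
new_keypair <- function(name) {
  key  <- openssl::rsa_keygen(2048)
  priv <- file.path(tempdir(), paste0(name, "_demo.pem"))
  pub  <- file.path(tempdir(), paste0(name, "_demo.pub"))
  openssl::write_pem(key, priv)
  openssl::write_pem(key$pubkey, pub)
  list(private = priv, public = pub)
}
alice <- new_keypair("alice")
bob   <- new_keypair("bob")

add_user("alice", alice$public, vault = vault)
add_user("bob",   bob$public,   vault = vault)

# The secret is encrypted for alice only.
secret_value <- c(password = "constructed-value")
add_secret("db_password", secret_value, users = "alice", vault = vault)
print(list_owners("db_password", vault = vault))

# bob is a vault user but not an owner of this secret: decryption must fail.
bob_before <- tryCatch(
  get_secret("db_password", key = bob$private, vault = vault),
  error = function(e) "denied"
)
stopifnot(identical(bob_before, "denied"))

# alice grants access; this step needs her private key to decrypt first.
share_secret("db_password", users = "bob", key = alice$private, vault = vault)
bob_after <- get_secret("db_password", key = bob$private, vault = vault)
stopifnot(identical(bob_after, secret_value))

# Remove bob's access to the copy stored in the vault.
unshare_secret("db_password", users = "bob", vault = vault)
print(list_owners("db_password", vault = vault))
```

Unsharing only removes bob's access to the vault copy; it cannot take back a value he has already decrypted, so change the underlying password as well when access is withdrawn.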

Note for Windows users

  • If you use Windows, you most likely created your keys using PuttyGen. Note that the key created by default from PuttyGen is not in OpenSSH format, so you have to convert your format first. To do this, use the /Conversions/Export OpenSSH key menu item in PuttyGen.

  • Note that the folder ~/.ssh in Windows usually expands to C:\\Users\\YOURNAME\\Documents\\.ssh. You can find the full path by using:

    normalizePath("~/.ssh", mustWork = FALSE)
    # [1] "/Users/gaborcsardi/.ssh"
    

License

MIT © Gábor Csárdi, Andrie de Vries
