Hiding Credentials

john.smith · February 19, 2021, 7:24am

Hi,

I am currently publishing my passwords in my code to connect to my database in work
. The code looks a little bit like the below

library(odbc)
myconn <- dbConnect(odbc::odbc(), "Database_Prod", timeout = 15, uid = 'jsmith', pwd = 'foo')

I would like to publish my code to our internal GitHub but do not want to fall into the mistake of publishing my credentials by accident. I would also like to put my script on a schedule so that I can just let it run without any interference from me.

I have seen the post about the package keyring but it looks from my playing around with it that it prompts you for your password which would mean i wouldn't be able to schedule my work. I could i suppose save all my credentials in a config.R script and then source it but then the credentials are still in open text on my PC

Has anyone come across this problem before?

Thank you for your time

Donald · February 19, 2021, 7:50am

Perhaps the encryptr is an option to add some security to config.R. Uses public and private keys to en/decrypt data. Strongly recommend making a back-up before playing around with the package.

martin.R · February 19, 2021, 10:35am

This package accesses the system credentials:
CRAN - Package keyring (r-project.org)

MIT Kerberos may also be an option for you.

john.smith · February 19, 2021, 1:31pm

Thanks @martin.R, the key point seems to be

Setting a secret from a script, i.e. non-interactively: key_set_with_value()

system · February 26, 2021, 1:32pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

If you have a query related to it or one of the replies, start a new topic and refer back with a link.