I have a teaching project that embeds shiny apps in my markdown xaringan files using iframes. The project contains a couple directories with the apps with rsconnect folders that contain .dcf files. I don't see anything that looks like a password/key/token in those files.
Is there any security risk in sharing the .dcf files, in the rsconnect folders, with the world?
There are no security implications or risks in sharing .dcf files.
The content is similar to this example:
name: deploytest
title: deploytest
username:
account: ianpylvainen
server: shinyapps.io
hostUrl: https://api.shinyapps.io/v1
appId: 2728837
bundleId: 3576729
url: https://ianpylvainen.shinyapps.io/deploytest/
when: 1598898105.79611
asMultiple: FALSE
asStatic: FALSE
IE- app name, title, server address, account name, URL. No password/key/token etc is generated/captured in the dcf file.
Note that you may want to share or backup the file if you want to deploy from another system or collaborate with another user on the account as noted in our Connect user guide:
https://docs.rstudio.com/connect/user/publishing/#publishing-collaboration