I'm developing a package which will be used by a handful of users in an organization, but I'm not expecting to release it widely (ie, it won't be on CRAN).
Question: how should, say, a sys admin think about potentially sensitive but un-exported auth data in a R/sysdata.rda file, especially in a production setting? Is the data effectively impossible to access post-build, and/or are there other best practices to consider?
Is the data effectively impossible to access post-build
Nope, it's trivial to access using :::.
I'm not sure what the use-case is, but can't think of a scenario where you would want to distribute a function relying on internal data but not the internal data itself.