Managing secrets

[maurolepore]

Who is the audience?

Everyone at 2DII and beyond.

Why is it important

We often need to feed public programs with private information such as passwords, tokens, and private keys. Doing this securely is unclear and doing it wrong is dangerous.

What should be covered?

• Where should I store secrets?
• How can I access secretes securely from a public program?
• How can I pass secrets to remote services such as GitHub or shinyapps.io?

Suggested speakers or contributors

• I can explain how to pass secrets to R via .Renviron, and to GitHub TravisCI via Settings.
• I need help researching how to do this well on shinyapps.io (cc' @pranavpandya84?)

Resources

• gargle's approach: https://gargle.r-lib.org/articles/articles/managing-tokens-securely.html#overview-of-the-approach

• Encrypting
  • https://rdrr.io/cran/sodium/man/symmetric.html
  • https://gargle.r-lib.org/articles/articles/managing-tokens-securely.html#resources
  • https://askubuntu.com/questions/160253/encrypting-decrypting-a-single-file-in-ubuntu-12-04-lts
  • https://www.tecmint.com/linux-password-protect-files-with-encryption/
• https://www.atlassian.com/git/tutorials/git-hooks
• https://gargle.r-lib.org/articles/articles/managing-tokens-securely.html
• https://httr.r-lib.org/articles/secrets.html
• usethis::browse_github_token(): https://usethis.r-lib.org/reference/browse_github_token.html
• usethis::edit_r_environ(): https://usethis.r-lib.org/reference/edit.html
• RStudio connect: https://docs.rstudio.com/connect/user/api-keys/
• shinyapps.io (2.3.1 Configure rsconnect): https://docs.rstudio.com/shinyapps.io/getting-started.html
• GitHub: https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets
• TravisCI: https://docs.travis-ci.com/user/environment-variables/

Checklist

2h before

• [ ] Open meetup issue, paste this template and edit as necessary
• [ ] Link resources
• [ ] Develop content for the ds-incubator website
• [ ] Announce on #coding
• [ ] Add meetup date, title and link to the invitation on 2dii's calendar
• [ ] Set alarm for +15' into the meeting
• [ ] Set alarm for +25' into the meeting

10' before

• [ ] Remind meeting and share link on #coding
• [ ] Login at https://zoom.us/ and start recurring ds-incubator meeting***
  • *** Backup (Google) https://meet.google.com/azf-xifn-scd
• [ ] Under Participants > More uncheck "Put participants in waiting room ..."

Start

• [ ] 00': Welcome
• [ ] 02': Announcements
• [ ] 05': Record
• [ ] 15': Q&A + discuss "must-have" or "nice-to-have"
• [ ] 25': End
• [ ] 30': Upload video
• [ ] 35': Link video under resources
• [ ] 35': Label as "must-have" or "nice-to-have"

[pr0x2b]

• I need help researching how to do this well on shinyapps.io (cc' @pranavpandya84?)

Ya, sure. Let's arrange a short meeting any time before this session.

[maurolepore]

Thanks! I found what I was looking for. This article shows how to get the relevant secrets from https://www.shinyapps.io/admin/#/tokens. Then as usual you can store them privately in your ~/.Renviron (see ?usethis::edit_r_environ()) and use it from any R session with Sys.getenv().

cc' @tposey28