Consider backend for passwordstore?

[javierluraschi]

I think it would be worth considering https://www.passwordstore.org/ for Linux services.

backend = "env" is really easy to set up but not ideal in some situations, backend = "vault" would be harder to set up but very secure. A backend = "linux-pass" could sit between those two for users that want additional security, but perhaps not a full-blown solution.

[gaborcsardi]

I like this, except that it seems that there is no library for it, so we'll need to call out to the command line tool. But it can work.

The only thing we need to work out is to store the master password in the session somehow. Probably we should just use gpg-agent as they suggest.

[javierluraschi]

From @jmcphers: pass is a script that makes it more convenient to store passwords in GPG files and retrieve them somewhat interactively. For this use case, and presuming we want to depend on GPG for encryption, I think we'd be better off just depending on GPG directly as pass's syntax sugar is geared almost entirely towards end users.

[gaborcsardi]

Makes sense. Although is this case we don't really need GPG, either, just openssl or libsodium, both available as an R packages.

I wonder if we want a generic way of caching master keys in the session.

[jmcphers]

The nice thing about gpg is that it lets you add secrets (a) without the secret key (since it uses asymmetric encryption), and (b) without R (since it has a nice command-line interface, too). I think this might be useful for cases like Connect where you won't necessarily be using the keyring package to write the secret, just to read it. I think you can do the same with openssl, though I'm less familiar with it.

[gaborcsardi]

Asymmetric crypto is not needed/used for the keychain. E.g. you cannot put items on the keychain without unlocking it.

GPG is OK well, although we would probably use it as symmetric crypto. openssl and sodium both have bindings to all languages and they are much easier to program than gpg.

[gaborcsardi]

We have an encrypted file backend now, although it will still change a little bit. That should work on all systems, so I'll close this issue for now. We might still consider passwordstore in the future.