Closed maelle closed 3 years ago
I'm not sure I follow your description, when you get back from vacation, please explain in more detail
Answering before I forget what I meant. 😅 I was (yes not clearly) wondering whether one could get in trouble with a commercial web service if publicly storing responses in non encrypted cassettes. Depending on the data usage guidelines of the service. E.g. Google, Twitter.
I think in the book it could mean that when mentioning encryption of cassettes, one should say it's for sensitive data (like personal data, medical data) but also for data one doesn't own (geocoding results from Google)?
thanks @maelle ! makes sense now. yes, we should add notes on this, will do
Related to #2
If you are dealing with sensitive data in your API (cf https://github.com/ropensci/qualtRics/pull/140#issuecomment-619647467) you probably don't want to save actual data.
So you'll want to either
Having a sandbox is the best solution because it also means other contributors to the package get the same data.
I could show how to encrypt files with sodium, using example from gargle code. That applies to tokens but one could also encrypt cassettes although of course that is not cool for PRs from forks.
Secure data but also data one doesn't one (check the data provider is ok with data being cached for tests or could a data provider think it's resharing the data)