How do share your analysis work that needs to be private/secure



For work, I mostly do analysis projects where the end result is a Rmd file that I knit to HTML. The workflow is beautiful, use the SQL engine to pull data, use ggplot and formattable so everything looks nice, add I can rerun it whenever I need… but then I end up emailing an HTML file which the person has to download and then open for it to display correctly :grimacing:.

I feel like there has to be a better way but no amount of googling has helped me (so I assume I’m looking for incorrect terms). At my last job we had a VPN so it was easy to run a server there and post them without worrying about authenticating users, but here we don’t have a VPN.

In an ideal world, I could make a blogdown site where a person authenticates with their google account, and it has to be of our work domain to get access, but at this point I’m open to any solution where I am not emailing it and crossing my fingers that they don’t use the gmail preview feature that strips a lot of elements. Bonus points if I could apply the same strategy to a shiny app in the future since it’s only a matter of time until that’s driving me crazy too.

Thanks in advance for any advice!


Hi @scottbrenstuhl, good news, at RStudio we have commercial products that do exactly what you’re asking for. Both Shiny Server Pro, and RStudio Connect integrate with Google OAuth2 (and other authentication methods). These can be deployed in the cloud (AWS EC2 for example) or on premise.

Hope this helps


I might be missing your problem here, but have you considered knitting to a pdf document instead? This would prevent gmail preview from stripping out any html


A very lightweight solution is to knit Rmd to md and push to a private repo on GitHub (or GitLab or what have you). That’s not going to help you with Shiny, though. The proper solution is really what @edgararuiz says, which are the commercial products that make RStudio a viable business.


Oh, sorry I should have made a note on this. I’ve tried this but I like to include HTML widgets whenever possible like DT tables that can be sorted, plotly, floating table of contents, etc. so people can dig into the outputs a bit more. Unfortunately, pdf format doesn’t allow for this (or my understanding of the format is way off).

Although this actually raises a great point: Is the value of interactive HTML higher than the value of knowing they didn’t view a broken version? I’ll have to give this some serious thought, thanks!!


Thanks @edgararuiz!!! I didn’t realize that was an option on the enterprise side. I just watched the intro video for connect and looked at what is provided via the pricing page you linked to. This seems perfect for what I need, especially combined with OAuth2.

Right now I’m the only R user though so I’m probably out of luck getting the costs approved for now. I’m already teaching one coworker R using Datacamp and r4ds and pushing to hire more analysts, so hopefully I can bulk the team up enough to get this into the reasonable expense per user category in the near future.

Thanks again! This really is the perfect answer to what I need, I’m thrilled to know it exists.

@jennybryan I tried the github version but getting all the random people that need access on github was a bit of a nightmare :grimacing:. I’m jazzed with the existence of the options @edgararuiz pointed out and hope I can get it implemented here.

I would be thrilled to be able to support Rstudio this way since I really credit y’all with making it possible for me to switch to this career by making such amazing tools available to everyone.


FWIW, when I do such things, it’s in a pedagogical context and I’m using an Organization and teams … so, yeah, not individual accounts.


If you need to share Shiny stuff with people but can’t (or don’t want to) pay for Shiny Server Pro, I suppose you could also push the HTML to a server where you’re running the regular version of Shiny Server. That seems like a roundabout solution, though :confused:


Just pushing HTML to the open source shiny server will still leave it open to the entire internet (based on the no VPN comment).

Creating a very minimal server login page is an easy way to get around that, though.

If you follow this example, try implementing some minimum password requirements.


I had wanted to run a shiny server, but we use Windows-based servers, which ShinyServer doesn’t support. Instead, we set up a server that runs R. I have .bat files that start Shiny Applications on designated ports. Users can then connect to the application using a url similar to //server-name:port-number

It’s a pretty ugly hack, but we get around some of the ugliness by opening a custom browser within our primary database application.


@edgararuiz @jennybryan Thanks for the advice on this! I received permission to pilot Connect, got it up and running last night, and just sent out a link to our team for everyone to create their accounts and check out our first report live on the site (with daily updates). :tada: :tada: :tada:

I’m so excited!!


Just wondering, if one can create a shiny app using R and shiny package and host this on remote computer/ own server, Is this legal?.. i am looking for the answer from last 1 month but lots of folks confused me that for hosting shiny app one should use shiny server and their services only (which are paid) and hosting the app on remote computer / local server would be risky and might involve any legal issues later for commercial purpose.
Your views would be greatly appreciated. Thanks in advance!


Hi @varayush, I’m not a legal expert. But as far as publishing your own Shiny apps on a server you host is something very common, you can use the free version of Shiny Server:


Another option is to use keybase to share the rendered HTML file. This won’t work for a full shiny application, but is probably a lot easier than setting up a login portal.

One problem with setting up a login system is that you’re then responsible for storing someone’s login credentials, which can often be more sensitive than the data that you’re sharing in the first place because people might reuse credentials between your application and say, their email. So if you do go this route I highly recommend looking into an authentication service like