Keeping API Keys Private in Blogdown

apis
blogdown

#1

I'm in the process of writing a blog post that queries an API without an associated R package. Because there's no associated R package, I'm using the httr GET function which requires my API key to be in the string format. My question is, how do I keep my API key private so it doesn't show up in my website's public GitHub repository?

I'm familiar with caching API keys using options( ) as in options(tigris_use_cache = TRUE) for the tidycensus package but not sure how/whether to implement this in rmarkdown/blogdown for the API I linked to above. I haven't been able to find much help from Googling so any insight/tips would be greatly appreciated. :slight_smile:


Authenticate oracle data base from r script
#2

There is secret package that I rather like. I've written a blog with (you guessed it) blogdown about it - https://www.mishabalyasin.com/2017/11/05/overview-secret-spelling/ :slight_smile:


#3

The secret package is good, but I also have been known to make gratuitous use of passwords in environment variables. I pop them in my .Rprofile like this:

   Sys.setenv( MY_UID='your_UID')
   Sys.setenv( MY_PWD='your_password')

then in R I can call Sys.getenv("MY_UID") anywhere I need my UID, for example.


Hard-coded external database credentials?
#4

Thank you @mishabalyasin and @jdlong for your help! I'll try these suggestions.


#5

I'd also recommend the keyring package, which is used by RStudio 1.2. It's cross-platform and works out of the box with Keychain on macOS and Credential Store on Windows. With an external dependency (libsecret), it also works with Secret Service on Linux. Here's a guide to it from RStudio, but I believe you can also use it independently :slightly_smiling_face:


#6

Thanks, @rensa! I'll check that package out too.


#7

Is there a guide on using keyring on a headless server? I can't mange to make it work with libsecret in Ubuntu 16 Server (AWS instance)


#8

I haven't actually tried it, unfortunately! I'll see what I can find in a few days :slightly_smiling_face:


#9

I like the simplicity of using a user-hidden config file that your R application accesses. I originally borrowed the idea from a python module genlogics. In my case I was using the same API wrapper for 4 different servers - so I had a configuration file for each one...

~/server-1.config
~/server-2.config

etc. The config and configr make reading/writing config files super easy.


#10

Thanks for this idea, @btupper!


closed #11

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.