keyring on amazon ec2

Hi everyone,

In our data science team we use the keyring package to handle credentials. Currently we all work on Windows desktops so the default windows credential store gets used.

Now, we are in the processing of operationalising some of our scripts and are setting up an Amazon EC2 instance to do this. However I've just found out that keyring doesn't play well on linux.

When I execute a key_set I get the following warning message.

keyring::key_set(service = "test", username = "test")
Password: *******
Warning message:
In default_backend_auto() :
  Selecting ‘env’ backend. Secrets are stored in environment variables

I can retrieve the key using key_get but obviously if I leave the R session and come back into it I get an error.

keyring::key_get(service = "test", username = "test")
Error in b_env_get(self, private, service, username, keyring) :
  Cannot find password
In addition: Warning message:
In default_backend_auto() :
  Selecting ‘env’ backend. Secrets are stored in environment variables

I have installed libsodium-dev as it is an Ubuntu EC2 instance. A quick google seems to suggest the default backend can't be changed without a GUI :sob:

We were also pondering Rstudio connect on AWS in the future. Will this likely be an issue on that too?

What are other solutions you use/ have seen used to counter this?

Thank you!

1 Like

I've found the solution myself for what its worth.

The trick is to change the default backend to a file based backend.

kb <- keyring::backend_file$new()
kb$keyring_create('some_keyring_name')
kb$set(service = 'test', username = 'test', keyring = 'some_keyring_name')

Point to note: file based keyrings are locked with a password and need to be unlocked. Also might be worth setting the default backend to file using the .Renviron file

2 Likes

Very interesting! Good find! This is definitely something I want to dig into, because keyring on RStudio Server or RStudio Connect seems like a really compelling toolchain!

If you encounter problems (or solutions!) in either case, please do come create a thread to discuss here! I think you're definitely in the right place :slight_smile:

I would guess that (on RStudio Connect) the environment pane would be something you'd use to pass the necessary secret to "unlock" the file, perhaps?

https://docs.rstudio.com/connect/user/settings-panel.html#content-vars

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.