Keyring on Linux (CentOS 7)

Swamy · July 16, 2020, 10:51pm

OS: CentOS 7
R Version: 3.6.0
I am trying to use keyring package to encrypt my credentials on Linux. I am using RStudio Server Open Source Version. I want to Automate scripts which will use my Credentials to Authenticate various systems (Examples: Email and Database Credentials)
Question: In Linux do we have anything similar to Windows Credential Store Keyring. Reason being I want to store my credentials using key_set() but in Linux I don't see any default store. Creating a new keyring and storing the credentials will block me from automating my scripts as someone needs to authenticate / unlock the keyring in every session that I use.

Appreciate any help and Thank you in advance
@kaushiklakshman: Sorry for tagging you but I think you had a small thread where you discussed this. Any knowledge sharing would really help me. Thank you in advance.

kaushiklakshman · July 19, 2020, 11:57am

Hi @Swamy

Sorry for the late response on this. There are different options for credential stores in Linux. However, some of them require a GUI component. This wasn't an option for me with an EC2 instance. Hence, I used file based backend. As described in the thread you linked, using keyring::backend_file$new() helps you establish that you want to use the file based keyring.

Then I also had to specify R_KEYRING_BACKEND='file' in a .Renviron file that lets R know every time it loads up a new session that your default keyring should be file based. On top of this, I think file based keyrings are always locked by default. Therefore I also had to create a .Rprofile file that has the below code to unlock it when a new session opens

.First <- function() {
    if(keyring::keyring_is_locked() == TRUE){
        keyring::keyring_unlock(keyring = "your_keyring_name",
                                password = "your_keyring_password")
 }
}

I'm not a 100% sure on this but if other backends like libsecret are an option for you, I think you need not specify the default option in the environment file and the unlock step.

system · August 10, 2020, 1:06am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Swamy · November 24, 2020, 9:28pm

Hi @kaushiklakshman, thank you very much for your reply and solution. In between I tried multiple other packages such as "keyringr", "digest" and "sodium". I think except for "digest" the other two packages use libsodium as you mentioned for back end encryption and all of these packages need a key / password to really decrypt the credentials which fundamentally match with "keyring" package.

I will keep this solution as PoC for different types of Securing Credentials. Thank you once again for the help.