Re: [R-pkg-devel] Keeping secrets in R packages

2015-06-07 Thread Neal Fultz
Thanks everyone for the replies. Here's a brief overview of my current plan for what to do with the parts of the three way handshake : 1. Client id / secret can/should go in the package, unlike passwords 2. Authorization code is used immediately and discarded 3. Token is cached out to a dotfile,

Re: [R-pkg-devel] Keeping secrets in R packages

2015-06-07 Thread Greg Snow
If you just want to protect the secret from casual view (but don't need strong encryption), then you could just use a basic encryption/decryption algorithm, include the encrypted secret in the package and have the function decrypt it before sending. See the "petals" function in the TeachingDemos p

Re: [R-pkg-devel] Keeping secrets in R packages

2015-06-06 Thread Hadley Wickham
The API key and "secret" aren't actually secrets so you can include in the package. Hadley On Friday, June 5, 2015, Neal Fultz wrote: > I am working on updating the RGoogleDocs package to use OAuth2, since the > old api was recently turned off (at my job we use it as a poor mans > database). >

Re: [R-pkg-devel] Keeping secrets in R packages

2015-06-05 Thread Imanuel Costigan
Have you checked out Hadley's secret package? https://github.com/hadley/secure/blob/master/README.md Sent from my iPhone On 6 Jun 2015, at 8:19 am, Neal Fultz wrote: I am working on updating the RGoogleDocs package to use OAuth2, since the old api was recently turned off (at my job we use it

Re: [R-pkg-devel] Keeping secrets in R packages

2015-06-05 Thread Dirk Eddelbuettel
On 5 June 2015 at 15:19, Neal Fultz wrote: | I am working on updating the RGoogleDocs package to use OAuth2, since the | old api was recently turned off (at my job we use it as a poor mans | database). | | As part of the auth process, I need to send google a client key and secret | in order to ga

Re: [R-pkg-devel] Keeping secrets in R packages

2015-06-05 Thread Duncan Murdoch
On 05/06/2015 6:19 PM, Neal Fultz wrote: > I am working on updating the RGoogleDocs package to use OAuth2, since the > old api was recently turned off (at my job we use it as a poor mans > database). > > As part of the auth process, I need to send google a client key and secret > in order to gain

[R-pkg-devel] Keeping secrets in R packages

2015-06-05 Thread Neal Fultz
I am working on updating the RGoogleDocs package to use OAuth2, since the old api was recently turned off (at my job we use it as a poor mans database). As part of the auth process, I need to send google a client key and secret in order to gain access to a spreadsheet. Is there a 'safe' place to s