generated from fhdsl/OTTR_Quarto
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathweek1-passwords.qmd
46 lines (29 loc) · 2.11 KB
/
week1-passwords.qmd
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
---
title: "Passwords and Code"
format: html
---
## Before we get started
A warning: do not store passwords in your code. It is a major security risk.
The key to avoiding this is to store the password where your machine can access it, but is not part of your code base. (If you are more advanced, you can store the password in your project directory, but make sure it is in your `.gitignore`).
There are multiple ways to store passwords securely:
- Store them as an Environment Variable on your machine
- Use a global `.Renviron` file to store it outside of your code: https://rstats.wtf/r-startup.html#renviron
- Store them in a secure password manager / keyring (see below).
## What are environment variables?
These are variables that can be seen by all applications, including R/RStudio. They are not stored within code, but as variables in memory. One of the ones you might have had to struggle wiht is `JAVA_HOME`, whih is where you set a Java installation.
We can set environment variables directly, or we can specify them in a file called `.Renviron` that lives in our home directory.
We will use them as a more secure way to store our passwords. We choose the `user` scope so that it is saved in our home directory, not the project directory. This way, we can protect our password from prying eyes and bots.
```{r}
usethis::edit_r_environ(scope="user")
```
Add the following to your `.Renviron` file:
```
CLASS_DB_PASSWORD="IntroSQL"
```
You may have to reopen the project for it to be loaded in your environment variables. We can now load the password using `Sys.getenv()`.
```{r}
Sys.getenv("CLASS_DB_PASSWORD")
```
You can also set the environment variable using Windows Control Panel or PowerShell: https://phoenixnap.com/kb/windows-set-environment-variable - the easiest way to do it is probably the control panel method.
There will probably be some sort of authentication process involved in connecting to your databases at Fred Hutch. I'll add more info when I know more.
There is much more about storing passwords and other secrets such as API keys here: <https://cran.r-project.org/web/packages/httr/vignettes/secrets.html>