gargle_secret: Encrypt/decrypt JSON or an R object
In r-lib/gargle: Utilities for Working with Google APIs
gargle_secret R Documentation
Encrypt/decrypt JSON or an R object
Description
These functions help to encrypt and decrypt confidential information that you
might need when deploying gargle-using projects or in CI/CD. They basically
rely on inlined copies of the secret functions in the httr2 package. The awkwardness of
inlining code from httr2 can be removed if/when gargle starts to depend on
httr2.
The secret_encrypt_json() + secret_decrypt_json() pair is unique to
gargle, given how frequently Google auth relies on JSON files, e.g., service
account tokens and OAuth clients.
The secret_write_rds() + secret_read_rds() pair is just a copy of
functions from httr2. They are handy if you need to secure a user token.
-
secret_make_key() and secret_has_key() are also copies of functions
from httr2. Use secret_make_key to generate a key. Use secret_has_key()
to condition on key availability in, e.g., examples, tests, or apps.
Usage
secret_encrypt_json(json, path = NULL, key)
secret_decrypt_json(path, key)
secret_make_key()
secret_write_rds(x, path, key)
secret_read_rds(path, key)
secret_has_key(key)
Arguments
json
A JSON file (or string).
path
The path to write to (secret_encrypt_json(),
secret_write_rds()) or to read from (secret_decrypt_json(),
secret_read_rds()).
key
Encryption key, as implemented by httr2's secret functions. This should
almost always be the name of an environment variable whose value was
generated with secret_make_key() (which is an inlined copy of
httr2::secret_make_key()).
x
An R object.
Value
-
secret_encrypt_json(): The encrypted JSON string, invisibly. In typical
use, this function is mainly called for its side effect, which is to write an
encrypted file.
-
secret_decrypt_json(): The decrypted JSON string, invisibly.
-
secret_write_rds(): x, invisibly
-
secret_read_rds(): the decrypted object.
-
secret_make_key(): a random string to use as an encryption key.
-
secret_has_key() returns TRUE if the key is available and FALSE
otherwise.
Examples
# gargle ships with JSON for a fake service account
# here we put the encrypted JSON into a new file
tmp <- tempfile()
secret_encrypt_json(
fs::path_package("gargle", "extdata", "fake_service_account.json"),
tmp,
key = "GARGLE_KEY"
)
# complete the round trip by providing the decrypted JSON to a credential
# function
credentials_service_account(
scopes = "https://www.googleapis.com/auth/userinfo.email",
path = secret_decrypt_json(
fs::path_package("gargle", "secret", "gargle-testing.json"),
key = "GARGLE_KEY"
)
)
file.remove(tmp)
# make an artificial Gargle2.0 token
fauxen <- gargle2.0_token(
email = "jane@example.org",
client = gargle_oauth_client(
id = "CLIENT_ID", secret = "SECRET", name = "CLIENT"
),
credentials = list(token = "fauxen"),
cache = FALSE
)
fauxen
# store the fake token in an encrypted file
tmp2 <- tempfile()
secret_write_rds(fauxen, path = tmp2, key = "GARGLE_KEY")
# complete the round trip by providing the decrypted token to the "BYO token"
# credential function
rt_fauxen <- credentials_byo_oauth2(
token = secret_read_rds(tmp2, key = "GARGLE_KEY")
)
rt_fauxen
file.remove(tmp2)
r-lib/gargle documentation built on Sept. 10, 2023, 10:38 a.m.
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
| gargle_secret | R Documentation |
Encrypt/decrypt JSON or an R object
Description
These functions help to encrypt and decrypt confidential information that you might need when deploying gargle-using projects or in CI/CD. They basically rely on inlined copies of the secret functions in the httr2 package. The awkwardness of inlining code from httr2 can be removed if/when gargle starts to depend on httr2.
The
secret_encrypt_json()+secret_decrypt_json()pair is unique to gargle, given how frequently Google auth relies on JSON files, e.g., service account tokens and OAuth clients.The
secret_write_rds()+secret_read_rds()pair is just a copy of functions from httr2. They are handy if you need to secure a user token.-
secret_make_key()andsecret_has_key()are also copies of functions from httr2. Usesecret_make_keyto generate a key. Usesecret_has_key()to condition on key availability in, e.g., examples, tests, or apps.
Usage
secret_encrypt_json(json, path = NULL, key)
secret_decrypt_json(path, key)
secret_make_key()
secret_write_rds(x, path, key)
secret_read_rds(path, key)
secret_has_key(key)
Arguments
json |
A JSON file (or string). |
path |
The path to write to ( |
key |
Encryption key, as implemented by httr2's secret functions. This should
almost always be the name of an environment variable whose value was
generated with |
x |
An R object. |
Value
-
secret_encrypt_json(): The encrypted JSON string, invisibly. In typical use, this function is mainly called for its side effect, which is to write an encrypted file. -
secret_decrypt_json(): The decrypted JSON string, invisibly. -
secret_write_rds():x, invisibly -
secret_read_rds(): the decrypted object. -
secret_make_key(): a random string to use as an encryption key. -
secret_has_key()returnsTRUEif the key is available andFALSEotherwise.
Examples
# gargle ships with JSON for a fake service account
# here we put the encrypted JSON into a new file
tmp <- tempfile()
secret_encrypt_json(
fs::path_package("gargle", "extdata", "fake_service_account.json"),
tmp,
key = "GARGLE_KEY"
)
# complete the round trip by providing the decrypted JSON to a credential
# function
credentials_service_account(
scopes = "https://www.googleapis.com/auth/userinfo.email",
path = secret_decrypt_json(
fs::path_package("gargle", "secret", "gargle-testing.json"),
key = "GARGLE_KEY"
)
)
file.remove(tmp)
# make an artificial Gargle2.0 token
fauxen <- gargle2.0_token(
email = "jane@example.org",
client = gargle_oauth_client(
id = "CLIENT_ID", secret = "SECRET", name = "CLIENT"
),
credentials = list(token = "fauxen"),
cache = FALSE
)
fauxen
# store the fake token in an encrypted file
tmp2 <- tempfile()
secret_write_rds(fauxen, path = tmp2, key = "GARGLE_KEY")
# complete the round trip by providing the decrypted token to the "BYO token"
# credential function
rt_fauxen <- credentials_byo_oauth2(
token = secret_read_rds(tmp2, key = "GARGLE_KEY")
)
rt_fauxen
file.remove(tmp2)
R Package Documentation
Browse R Packages
We want your feedback!
Note that we can't provide technical support on individual packages. You should contact the package authors for that.
Embedding an R snippet on your website
Add the following code to your website.
For more information on customizing the embed code, read Embedding Snippets.