27

I want to pass secure parameters to shinyapps.io deployment so my application could get them via:

Sys.getenv('PASSWORD_X')

I cannot find anything for this in deployApp function in the rsconnect package.

Improve this question
5
  • 1
    Good question in general. But on a note regarding security, once you pass these parameters to shinyapps.io they’re no longer secure: you’ve given them to a third party.
    – Konrad Rudolph
    Commented Aug 22, 2016 at 16:23
  • well, that is true about any third party, e.g. amazon will have our keys
    – Bulat
    Commented Aug 22, 2016 at 16:31
  • btw, any other method of sending keys so App could read say from S3 will be helpful. Current option I have is sending keys in a text file (e.g. json) but I will have to set env vars anyway as all aws related packages are implemented this way.
    – Bulat
    Commented Aug 22, 2016 at 17:23
  • 2
    You'd have to seriously distrust Amazon EC2 administrators or the implementation of their hypervisor if you really believe that "Amazon will have your keys" if you use environment variables for secrets on an EC2 instance.
    – hrbrmstr
    Commented Sep 20, 2016 at 2:59
  • @hrbrmstr you are right, I don't believe that. Same can be true about Shiny.
    – Bulat
    Commented Sep 22, 2016 at 12:01

1 Answer 1

Reset to default
25
+50

You can use Renviron.site or .Renviron to store and access private data into your shiny application. (see here for Hadley Wickham's recommendations and instructions - ref example below).

Solution:

Storing API Authentication Keys/Tokens (Attribution: Hadley Wickham)

If your package supports an authentication workflow based on an API key or token, encourage users to store it in an environment variable. We illustrate this using the github R package, which wraps the Github v3 API. Tailor this template to your API + package and include in README.md or a vignette.

  1. Create a personal access token in the Personal access tokens area of your GitHub personal settings. Copy token to the clipboard.
  2. Identify your home directory. Not sure? Enter normalizePath("~/") in the R console.
  3. Create a new text file. If in RStudio, do File > New File > Text file.

  4. Create a line like this:

    GITHUB_PAT=blahblahblahblahblahblah

where the name GITHUB_PAT reminds you which API this is for and blahblahblahblahblahblah is your personal access token, pasted from the clipboard.

  1. Make sure the last line in the file is empty (if it isn’t R will silently fail to load the file. If you’re using an editor that shows line numbers, there should be two lines, where the second one is empty.

  2. Save in your home directory with the filename .Renviron. If questioned, YES you do want to use a filename that begins with a dot ..

    • Note that by default dotfiles are usually hidden. But within RStudio, the file browser will make .Renviron visible and therefore easy to edit in the future.

  3. Restart R. .Renviron is processed only at the start of an R session.

  4. Use Sys.getenv() to access your token. For example, here’s how to use your GITHUB_PAT with the github package:

    library(github)
ctx <- create.github.context(access_token = Sys.getenv("GITHUB_PAT"))
# ... proceed to use other package functions to open issues, etc.

FAQ: Why define this environment variable via .Renviron instead of in .bash_profile or .bashrc?

Because there are many combinations of OS and ways of running R where the .Renviron approach “just works” and the bash stuff does not. When R is a child process of, say, Emacs or RStudio, you can’t always count on environment variables being passed to R. Put them in an R-specific start-up file and save yourself some grief.

Improve this answer
5
  • you can remove details about s3, it was an example, but is not relevant as a solution. Looking into .Renviron, I think it is all I need really. Need to test it with shinyapps.
    – Bulat
    Commented Sep 26, 2016 at 12:39
  • Happy to help - take care
    – Technophobe01
    Commented Sep 26, 2016 at 20:11
  • 5
    This worked for me after creating a copy of my .Renviron file in the root directory of my Shiny application.
    – Erik Iverson
    Commented Dec 15, 2016 at 0:19
  • 2
    From a security standpoint, is it safe to deploy API keys in .Renviron to shinyapps.io?
    – lauren.marietta
    Commented May 8, 2020 at 17:36
  • 1
    Lauren, I believe so subject to file permissions. Personally, I would'nt trust that answer chuckle. You may want to check with RStudio at [email protected] docs.rstudio.com/shinyapps.io/security-and-compliance.html I sent an email to RStudio...
    – Technophobe01
    Commented May 9, 2020 at 1:47

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.