 

Hide Keys in Shiny Application Deploy

I'm deploying an app to shinyapps.io using data I'm grabbing from S3 and I want to make sure my AWS keys are safe. Currently within the app.R code I'm setting environment variables and then querying S3 to get the data.

Is there a way to create a file that obscures the keys and deploy it to shinyapps along with my app.R file?

Sys.setenv("AWS_ACCESS_KEY_ID" = "XXXXXXXX",
           "AWS_SECRET_ACCESS_KEY" = "XXXXXXXXX",
           "AWS_DEFAULT_REGION" = "us-east-2")


inventory = aws.s3::s3read_using(read.csv, object = "s3://bucket/file.csv")

I'll also add that I'm on the free plan, so user authentication is not available; otherwise I wouldn't fuss about my keys being visible.

ben890 asked Feb 16 '21 00:02



2 Answers

I recommend the following solution and the reasons behind it:

Firstly, create a file named .Renviron (just create it with a text editor like the one in RStudio). Since that file has a dot before the name, the file will be hidden (on Mac/Linux, for example). Type the following:

AWS_ACCESS_KEY_ID = "your_access_key_id"
AWS_SECRET_ACCESS_KEY = "your_secret_access_key"
AWS_DEFAULT_REGION = "us-east-2"

Secondly, if you are using git, it is advisable to add the following text to your .gitignore file (so as to avoid sharing that file in version control):

# R Environment Variables
.Renviron

Finally you can retrieve the values stored in .Renviron to connect to your databases, S3 buckets and so on:

library(aws.s3)
bucketlist(key = Sys.getenv("AWS_ACCESS_KEY_ID"),
           secret = Sys.getenv("AWS_SECRET_ACCESS_KEY"))

In that way your keys will be "obscured" and will be retrieved by the function Sys.getenv from .Renviron so you can protect your code.

Manu answered Oct 17 '22 04:10

Manu
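
A pre-deploy check for the .Renviron approach in the answer above, added here as an example (not code from either answer): it reports R source files that still contain a literal AWS key, required variables missing from .Renviron, and a .Renviron that is not listed in .gitignore. The helper name check_secrets and the sample files written to a temporary directory are constructed for illustration.

```r
# Added example: verify that AWS keys live in .Renviron and not in the app code.
# check_secrets() is a hypothetical helper; the files written below are constructed samples.
check_secrets <- function(app_dir = ".") {
  required <- c("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_DEFAULT_REGION")
  problems <- character()

  # 1. No quoted literal assigned to a key variable, and no access-key-shaped string.
  literal <- paste0("AWS_(ACCESS_KEY_ID|SECRET_ACCESS_KEY)[\"']?\\s*=\\s*[\"'][^\"']+[\"']",
                    "|\\b(AKIA|ASIA)[A-Z0-9]{16}\\b")
  for (f in list.files(app_dir, pattern = "\\.[Rr]$", recursive = TRUE, full.names = TRUE)) {
    hits <- grep(literal, readLines(f, warn = FALSE), perl = TRUE)
    if (length(hits))
      problems <- c(problems, sprintf("%s: hard-coded key on line %s",
                                      basename(f), paste(hits, collapse = ", ")))
  }

  # 2. .Renviron exists and defines every required variable (name = value lines).
  env_file <- file.path(app_dir, ".Renviron")
  env_lines <- if (file.exists(env_file)) readLines(env_file, warn = FALSE) else character()
  assigned <- grep("^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*[[:space:]]*=", env_lines, value = TRUE)
  absent <- setdiff(required, trimws(sub("=.*$", "", assigned)))
  if (length(absent))
    problems <- c(problems, paste(".Renviron is missing:", paste(absent, collapse = ", ")))

  # 3. .gitignore lists .Renviron so the file is never committed.
  ign_file <- file.path(app_dir, ".gitignore")
  ignored <- file.exists(ign_file) &&
    any(trimws(readLines(ign_file, warn = FALSE)) %in% c(".Renviron", "/.Renviron"))
  if (!ignored) problems <- c(problems, ".Renviron is not listed in .gitignore")

  problems  # empty character vector means all three checks passed
}

# Constructed sample app: app.R repeats the hard-coded pattern from the question,
# .Renviron lacks the secret key, and there is no .gitignore.
demo <- file.path(tempdir(), "demo_app")
dir.create(demo, showWarnings = FALSE)
writeLines(c('Sys.setenv("AWS_ACCESS_KEY_ID" = "XXXXXXXX")',
             'inventory <- aws.s3::s3read_using(read.csv, object = "s3://bucket/file.csv")'),
           file.path(demo, "app.R"))
writeLines(c('AWS_ACCESS_KEY_ID = "placeholder"', 'AWS_DEFAULT_REGION = "us-east-2"'),
           file.path(demo, ".Renviron"))
print(check_secrets(demo))
```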


Perhaps this solution is too basic, but you can simply create a .txt file with the keys in it, one per line. Then you can use scan() to read that file.

Something like:

Sys.setenv("AWS_ACCESS_KEY_ID" = scan("file.txt", what = "character")[1],
           "AWS_SECRET_ACCESS_KEY" = scan("file.txt", what = "character")[2],
           "AWS_DEFAULT_REGION" = "us-east-2")

It is similar to the first solution in the "managing secrets" link in the comments, except that we use a simple text format instead of JSON.

JMenezes answered Oct 17 '22 03:10
