Platform independent 'API' to access the operating system's credential store. Currently supports: 'Keychain' on 'macOS', Credential Store on 'Windows', the Secret Service 'API' on 'Linux', and a simple, platform independent store implemented with environment variables. Additional storage back-ends can be added easily.
Platform independent API to access the operating systems credential store. Currently supports:
backend_env). The last two are available on all platforms. Additional storage backends can be added easily.
libsecret library, at least version 0.16.
The file backend uses the sodium package:
No additional software needed
Install the package from CRAN:
default_backend(). In most cases you don't have to configure this.
backend_secret_service, if build with
Should you need to change the default backend, set the
R_KEYRING_BACKEND environment variable or the
option to the backend's name (e.g.
Each keyring can contain one or many secrets (keys). A key is defined by a service name and a password. Once a key is defined, it persists in the keyring store of the operating system. This means the keys persist beyond the termination of and R session. Specifically, you can define a key once, and then read the key value in completely independent R sessions.
A keyring is a collection of keys that can be treated as a unit.
A keyring typically has a name and a password to unlock it.
Note that all platforms have a default keyring, and
will use that automatically. The default keyring is also convenient,
because the OS unlocks it automatically when you log in, so secrets
are available immediately.
You only need to explicitly deal with keyrings and the
functions if you want to use a different keyring.
Please see our writeup of some
and as always, use the source code.
MIT © RStudio
File based backend (#53, @nbenn).
Fix bugs in
key_set() on Linux (#43, #51).
Windows: support non-ascii characters and spaces in
keyring (#48, #49, @javierluraschi).
Add support for listing service keys for env backend (#58, @javierluraschi).
keyring is now compatible with R 3.1.x and R 3.2.x.
libsecret is now optional on Linux. If not available, keyring is built without the Secret Service backend (#55).
get_raw() method on Windows.
get() tries the UTF-16LE encoding if the sting has embedded
zero bytes. This allows getting secrets that were
set in Credential Manager (#56).
list() when some secrets have no
: at all
(these were probably set externally) (#44).
First public release.