0

I'd like to revisit an old SO question about passwords. Like the OP, I don't want to enter my password interactively, but I am confused about how to store the password securely on my machine and share scripts with colleagues (and I'd add specifically, push scripts to GitHub). The accepted answer involves storing the password in .Rprofile, but one commenter suggests that this is not a good idea.

In my specific use case, I have a script that runs every day on a virtual machine that I want other members of my team to access. At the end of the run, it sends an email with the mailR package. This code looks for my gmail password. I've set up 2-step authentication, so mypassword is a third-party password, not my actual gmail password. Still, I am hesitant to share this with others. I'd like to be able to push the script to a private git repo.

send.mail(from = "myemail@gmail.com",
            to = tolist,
            subject = "my subject",
            body = "my message",
            smtp = list(host.name = "smtp.gmail.com", port = 465, 
                        user.name = "myusername", 
                        passwd = "mypassword", 
                        ssl = TRUE),
            authenticate = TRUE,
            html = FALSE,
            send = TRUE)

How would you store mypassword?

  1. Storing it in .Rprofile seems to be an option, but I don't know if there are downsides like the one mentioned in response to the accepted answer in the question I linked to.

  2. I could store it in another file like auth.R and run source('auth.R') before send.mail, but this would put the password in the global environment.

  3. Other ideas?

Community
  • 1
  • 1
Eric Green
  • 7,385
  • 11
  • 56
  • 102
  • There is no way to both securely/privately store and publicly use your password in the way you desire. You can store in binary or use a hash or some other form of encryption, but to use it, your code will disclose the decoding method which is the same as storing it in plain text. – Thomas Jul 27 '14 at 20:51
  • Do you want the people you share this script with to use *their* passwords here? Do all the members have a gmail account and the same password setup as you? Is that the problem? Solution may then be to access the password from a keyring, eg https://pypi.python.org/pypi/keyring (python code) – Spacedman Jul 27 '14 at 22:22
  • @Spacedman, no, it would be my password so the email always comes from the same account. – Eric Green Jul 28 '14 at 00:36

0 Answers0