Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Can you keep a secret?

Can you keep a secret?

How to encrypt secrets in R using the 'secret' package. This is a talk I gave at UseR!2017, Brussels

Avatar for Andrie de Vries

Andrie de Vries

July 29, 2017
Tweet

More Decks by Andrie de Vries

Other Decks in Programming

Transcript

  1. Can you keep a secret? Using R to encrypt and

    share secrets Andrie de Vries Senior PM, Data science lead, Microsoft @RevoAndrie UseR!2017, Brussels
  2. Andrie de Vries 2 CRAN packages: • ggdendro • sss

    • miniCRAN • checkpoint • secret StackOverflow: andrie Twitter: @RevoAndrie github.com/andrie
  3. • Sharing secrets in plain text • Files / email

    • Inadvertent leaks from R • .History • .Rdata • Other inadvertent leaks • Private github projects that become public (Inadvertently) leaking secrets
  4. • Plain text file outside your project • Won’t go

    into version control • But not secure • Encrypted file outside your project • Difficult to share • Encrypted file inside your project Options for preventing leaks But how do you share the secret with your collaborators?
  5. • Every user has a private / public key pair

    • Share public keys in the open • Encrypt secrets with: • Your private key • The counterparty’s public key • Decrypt using your private key Summary
  6. • On CRAN now • Published 2017-06-17 • https://cran.r-project.org/package=secret •

    Maintainer: Gábor Csárdi • Functionality • Create a vault • Add users • Encrypt and decrypt secrets • Share secrets Use the `secret` package Gábor Csárdi
  7. • Encrypt a secret to use on different machines •

    Encrypt SQL server credentials • Develop locally or in Data Science Virtual Machine, then deploy in Azure • Encrypt a secret to share with team • Use github or Visual Studio Team Services for version control • Encrypt secret to use with continuous integration • Use github for version control • Automatically start Travis job on push Use cases
  8. • The demo is based on the package vignette •

    https://cran.r-project.org/web/packages/secret/vignettes/secrets.html Demo
  9. If you use windows, you most likely created your keys

    using PuttyGen. • Note that the key created by PuttyGen is not in OpenSSH format. • Convert the format with PuttyGen – use /Conversions/Export OpenSSH key Note that the folder ~/.ssh in Windows usually expands to C:/Users/YOURNAME/Documents/.ssh. You can find the full path by using: normalizePath("~/.ssh", mustWork = FALSE) ## [1] "C:/Users/adevries/Documents/.ssh" Note for Windows users
  10. • CRAN • https://cran.r-project.org/package=secret • Github • https://github.com/gaborcsardi/secret • Vignette

    • https://cran.r-project.org/web/packages/secret/vignettes/secrets.html Resources