在 Shiny 应用程序部署中隐藏密钥
[英]Hide Keys in Shiny Application Deploy
问题描述
I'm deploying an app to shinyapps.io using data I'm grabbing from S3 and I want to make sure my AWS keys are safe.
我正在使用从 S3 获取的数据将应用程序部署到 shinyapps.io,并且我想确保我的 AWS 密钥是安全的。 Currently within the app.R code I'm setting environment variables and then querying S3 to get the data.目前在 app.R 代码中,我正在设置环境变量,然后查询 S3 以获取数据。
Is there a way to create a file that obscures the keys and deploy it to shinyApss along with my app.R file有没有办法创建一个隐藏密钥的文件并将其与我的 app.R 文件一起部署到 shinyApss
Sys.setenv("AWS_ACCESS_KEY_ID" = "XXXXXXXX",
"AWS_SECRET_ACCESS_KEY" = "XXXXXXXXX",
"AWS_DEFAULT_REGION" = "us-east-2")
inventory =aws.s3::s3read_using(read.csv, object = "s3://bucket/file.csv")
I'll also add that I'm on the free plan so user authentication is not available otherwise I wouldn't fuss about my keys being visible.我还要补充一点,我正在使用免费计划,因此用户身份验证不可用,否则我不会对我的密钥可见而大惊小怪。
2 个解决方案
解决方案1
3 2021-02-22 13:05:01
Perhaps this solution is too basic, but you can simply create a.txt file, with the keys in it one per line.也许这个解决方案太基本了,但您可以简单地创建一个 .txt 文件,其中每行一个键。 Than you can use scan() to read that file.比您可以使用scan()来读取该文件。
Something like:就像是:
Sys.setenv("AWS_ACCESS_KEY_ID" = scan("file.txt",what="character")[1],
"AWS_SECRET_ACCESS_KEY" = scan("file.txt",what="character")[2],
"AWS_DEFAULT_REGION" = "us-east-2")
It is similar to the first solution in the "managing secrets" link in the comments, except that we use a simple text format instead of JSON.它类似于评论中“管理机密”链接中的第一个解决方案,只是我们使用简单的文本格式而不是 JSON。
解决方案2
1 已采纳 2021-02-25 15:23:11
I recommend the following solution and the reasons behind it:我推荐以下解决方案及其背后的原因:
Firstly, create a file named.Renviron (just create it with a text editor like the one on RStudio).首先,创建一个名为.Renviron 的文件(只需使用 RStudio 上的文本编辑器创建它)。 Since that file has a dot before the name, the file will be hidden (in Mac/Linux for example).由于该文件的名称前有一个点,因此该文件将被隐藏(例如在 Mac/Linux 中)。 Type the following:键入以下内容:
AWS_ACCESS_KEY_ID = "your_access_key_id"
AWS_SECRET_ACCESS_KEY = "you_secret_access_key"
AWS_DEFAULT_REGION = "us-east-2"
Secondly, if you are using.git it is advisable to add the following text in your gitignore file (so to avoid to share that file for version control):其次,如果您使用的是.git,建议在您的 gitignore 文件中添加以下文本(以避免共享该文件以进行版本控制):
# R Environment Variables
.Renviron
Finally you can retrieve the values stored in.Renviron to connect to your databases, S3 buckets and so on:最后,您可以检索存储在.Renviron 中的值以连接到您的数据库、S3 存储桶等:
library(aws.s3)
bucketlist(key = Sys.getenv("AWS_ACCESS_KEY_ID"),
secret = Sys.getenv("AWS_SECRET_ACCESS_KEY"))
In that way your keys will be "obscured" and will be retrieved by the function Sys.getenv from .Renviron so you can protect your code.这样,您的密钥将被“隐藏”,并将由 function Sys.getenv从.Renviron检索,因此您可以保护您的代码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.