{"id":14068655,"url":"https://github.com/maxheld83/passhelpr","last_synced_at":"2026-01-20T20:12:14.775Z","repository":{"id":73224816,"uuid":"239714186","full_name":"maxheld83/passhelpr","owner":"maxheld83","description":"Gets a password, in that order from 1) env var, 2) system keychain, 3) prompt","archived":false,"fork":false,"pushed_at":"2020-02-12T11:07:57.000Z","size":73,"stargazers_count":4,"open_issues_count":9,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-06T14:43:31.757Z","etag":null,"topics":["basic-authentication","keychain","password","r","rstats"],"latest_commit_sha":null,"homepage":"https://www.maxheld.de/passhelpr/","language":"R","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/maxheld83.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-02-11T08:40:15.000Z","updated_at":"2021-01-12T05:27:39.000Z","dependencies_parsed_at":null,"dependency_job_id":"2736fa24-5e9a-4b69-8a65-1c5f079723df","html_url":"https://github.com/maxheld83/passhelpr","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/maxheld83/passhelpr","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maxheld83%2Fpasshelpr","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maxheld83%2Fpasshelpr/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maxheld83%2Fpasshelpr/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maxheld83%2Fpasshelpr/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/maxheld83","download_url":"https://codeload.github.com/maxheld83/passhelpr/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maxheld83%2Fpasshelpr/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28612165,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-20T18:56:40.769Z","status":"ssl_error","status_checked_at":"2026-01-20T18:54:26.653Z","response_time":117,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["basic-authentication","keychain","password","r","rstats"],"created_at":"2024-08-13T07:06:19.747Z","updated_at":"2026-01-20T20:12:14.755Z","avatar_url":"https://github.com/maxheld83.png","language":"R","readme":"# passhelpr\n\n\u003c!-- badges: start --\u003e\n[![R build status](https://github.com/maxheld83/passhelpr/workflows/CICD/badge.svg)](https://github.com/maxheld83/passhelpr/actions)\n[![CRAN status](https://www.r-pkg.org/badges/version/passhelpr)](https://CRAN.R-project.org/package=passhelpr)\n[![Codecov test coverage](https://codecov.io/gh/maxheld83/passhelpr/branch/master/graph/badge.svg)](https://codecov.io/gh/maxheld83/passhelpr?branch=master)\n[![Lifecycle: experimental](https://img.shields.io/badge/lifecycle-experimental-orange.svg)](https://www.tidyverse.org/lifecycle/#experimental)\n\u003c!-- badges: end --\u003e\n\nThis packages gets passwords for [basic access authentication](https://en.wikipedia.org/wiki/basic_access_authentication) (BA, using username and password).\nIn this order, it gets them from environment variables, system keychains and interactive prompts.\n\n\n## Installation\n\nYou can install the released version of {passhelpr} from [GitHub](https://github.com/maxheld83/passhelpr) with:\n\n``` r\nremotes::install_github(\"maxhed83/passhelpr\")\n```\n\n\n## Usage\n\nLet's say you need to access an API from `foo-service.com` in your script and the API only offers BA.\nYour username is `alice` and your password is `bar` (bad, I know).\nYou want your script to work on your local development machine, but without entering your password on every run, so you'd like the password to be saved in your system keychain.\nYou also want it to work on a server, to which you pass your password as an environment variable `SECRET`.\nLastly, you may want the script to work on a cloud service, which allows you to declare special secret environment variables.\n\n```r\npasshelpr::get_pass2(\n  user = \"alice\", \n  password = Sys.getenv(\"SECRET\"),\n  service = \"foo-service.com\"\n)\n```\n\nIn this order, `get_pass2()` will:\n\n1. **Return `password`**, unless it is `NULL` or `\"\"`, as would be the case for an unset environment variable.\n    You can use this to get your password from an environment variable, by calling `Sys.getenv()`.\n    \n    You can use this for authenticating your script from a server, or in another non-interactive setting, where you cannot type in a password.\n    Make sure that you safely declare the environment variable, and be aware that it may be accessible to other processes.\n    \n    You can, of course, also just pass your password, though that would defeat the purpose of this package.\n    Remember not to store sensitive passwords in your scripts or enter it at the R console without a masked prompt.\n2. If `password` is `NULL` or `\"\"`, `get_pass2()` will **check the operating system keychain**.\n    If necessary, you will be asked to unlock the `keyring` on your system keychain.\n    The system keychain offers better security than environment variables, because secrets are stored encrypted and access can be more tightly controlled.\n    If there is a password for `service` and `user` in the `keyring`, it will be returned.\n    `keyring=NULL` will use your default system keyring (typically something like \"login\").\n3. If there is no matching password, or if the keychain cannot be used, you will be **prompted** to enter your password.\n    The password will be saved in the `keyring` under `service` and `user` for future use.\n\nThe function is pretty chatty and keeps you informed on what is happening\n\n\n### Usage on Cloud Services (GitHub Actions)\n\nSome cloud services provide better protection for \"secret\" environment variables.\nFor example, they may be entered separately in a web UI, stored in encrypted form and be redacted from logs and output.\nWhenever possible, you should use these protected environment variables.\n\nTo use them in `get_pass2()`, you must know how to pass these special environment variables to your script as `password`.\nThe syntax and features may differ depending on the cloud vendor.\n\nAs an example, consider GitHub Actions.\nGitHub Actions supports storing [secret environment variables](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) in the repository settings, and then passing them to your script using the [contexts and expression syntax for GitHub Actions](https://help.github.com/en/actions/reference/contexts-and-expression-syntax-for-github-actions).\nThis syntax is always surrounded with double braces `{{ }}`.\nRemember that the contexts and expression syntax is *only available in `*.yml` workflow files*.\nYou must therefore pass down the password from the secret environment format all the way down from the workflow file.\n\nFor example, let's assume you stored your password on GitHub as `EXAMPLE_SECRET`.\n\n```yaml\non: push\n\njobs:\n  myjob:\n    step:\n      - name: get password\n        run: Rscript -e \"passhelpr::get_pass2(user = 'alice', password = '${{ secrets.EXAMPLE_SECRET  }}', service = 'foo-service.com')\"\n```\n\nIf you need to use your password somewhere inside your script, you can also *declare* a new (unprotected) environment variable from the GitHub Actions yaml.\nThis may however contravene some of the protections around secret environment variables.\n\n```yaml\non: push\n\njobs:\n  myjob:\n    step:\n      - name: get password\n        run: Rscript -e \"passhelpr::get_pass2(user = 'alice', password = Sys.getenv('EXAMPLE_SECRET'), service = 'foo-service.com')\"\n        env:\n          EXAMPLE_SECRET: ${{ secrets.EXAMPLE_SECRET }}\n```\n\n\n## Caveats\n\nTo access APIs from scripts, key and token authentication are both more convenient and secure than BA (keys and tokens can be tightly scoped and revoked).\nUse it whenever you can.\n\nThe package closely follows {httr}'s advice on [managing secrets](https://httr.r-lib.org/articles/secrets.html).\nTo learn more about keeping your secrets safe, read that vignette.\n\n\n## Thanks\n\nThe package is a very thin wrapper around [{httr}](https://httr.r-lib.org), [{getPass}](https://cran.r-project.org/web/packages/getPass/index.html) and [{keyring}](https://github.com/r-lib/keyring).\n","funding_links":[],"categories":["R"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaxheld83%2Fpasshelpr","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmaxheld83%2Fpasshelpr","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaxheld83%2Fpasshelpr/lists"}