{"id":13858236,"url":"https://github.com/r-lib/keyring","last_synced_at":"2025-05-15T07:06:32.898Z","repository":{"id":18364831,"uuid":"80223347","full_name":"r-lib/keyring","owner":"r-lib","description":":closed_lock_with_key: Access the system credential store from R","archived":false,"fork":false,"pushed_at":"2025-05-07T08:41:46.000Z","size":6254,"stargazers_count":199,"open_issues_count":14,"forks_count":30,"subscribers_count":6,"default_branch":"main","last_synced_at":"2025-05-10T11:52:29.114Z","etag":null,"topics":["keyring","r","security"],"latest_commit_sha":null,"homepage":"https://keyring.r-lib.org/","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/r-lib.png","metadata":{"files":{"readme":"README.Rmd","changelog":"NEWS.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-01-27T16:18:55.000Z","updated_at":"2025-05-07T08:39:53.000Z","dependencies_parsed_at":"2023-01-16T20:16:23.382Z","dependency_job_id":"4804fa1c-552d-401c-bc8f-bc1e80614b90","html_url":"https://github.com/r-lib/keyring","commit_stats":{"total_commits":326,"total_committers":17,"mean_commits":"19.176470588235293","dds":"0.17484662576687116","last_synced_commit":"b01faec046b0d050ce58b7133e3895626af12d09"},"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r-lib%2Fkeyring","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r-lib%2Fkeyring/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r-lib%2Fkeyring/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/r-lib%2Fkeyring/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/r-lib","download_url":"https://codeload.github.com/r-lib/keyring/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254076855,"owners_count":22010612,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["keyring","r","security"],"created_at":"2024-08-05T03:02:01.450Z","updated_at":"2025-05-15T07:06:27.890Z","avatar_url":"https://github.com/r-lib.png","language":"C","funding_links":[],"categories":["R"],"sub_categories":[],"readme":"---\noutput: github_document\n---\n\n```{r, setup, echo = FALSE, message = FALSE}\nknitr::opts_chunk$set(\n  comment = \"#\u003e\",\n  tidy = FALSE,\n  error = FALSE,\n  fig.width = 8,\n  fig.height = 8)\n```\n\n# keyring\n\n\u003c!-- badges: start --\u003e\n\n[![R-CMD-check](https://github.com/r-lib/keyring/actions/workflows/R-CMD-check.yaml/badge.svg)](https://github.com/r-lib/keyring/actions/workflows/R-CMD-check.yaml) [![](https://www.r-pkg.org/badges/version/keyring)](https://www.r-pkg.org/pkg/keyring) [![CRAN RStudio mirror downloads](https://cranlogs.r-pkg.org/badges/keyring)](https://www.r-pkg.org/pkg/keyring) [![Codecov test coverage](https://codecov.io/gh/r-lib/keyring/branch/main/graph/badge.svg)](https://app.codecov.io/gh/r-lib/keyring?branch=main)\n\n\u003c!-- badges: end --\u003e\n\nkeyring provides a way to securely manage secrets using your operating system's credential store.\nOnce a secret is defined, it persists in a \"keyring\" across multiple R sessions.\nkeyring is an alternative to using environment variables that's a bit more secure because your secret is never stored in plain text, meaning that you can for instance never accidentally upload it to GitHub.\nFor more security, you can also store secrets in a custom keyring that always requires a password to unlock.\n\nkeyring currently supports:\n\n-   The macOS Keychain (`backend_macos`).\n-   The Windows Credential Store (`backend_wincred`).\n-   The Linux Secret Service API (`backend_secret_service`).\n\nIt also provides two backends that are available on all platforms:\n\n-   Encrypted files (`backend_file`)\n-   Environment variables (`backend_env`).\n\n## Installation\n\nInstall the package from CRAN:\n\n```{r eval = FALSE}\n# install.packages(\"pak\")\npak::pak(\"keyring\")\n```\n\nWe recommend using pak to install keyring as it will ensure that Linux system requirements are automatically installed (for instance Ubuntu requires `libsecret-1-dev` and `libssl-dev`).\n\nTo install the development version from GitHub, use:\n```{r eval = FALSE}\npak::pak(\"r-lib/keyring\")\n```\n\n## Usage\n\nThe simplest usage only requires `key_set()` and `key_get()`:\n\n```{r}\n#| eval: false\n\n# Interactively save a secret. This avoids typing the value of the secret\n# into the console as this could be recorded in your `.Rhistory`\nkey_set(\"secret-name\")\n\n# Later retrieve that secret\nkey_get(\"secret-name\")\n```\n\nEach secret is associated with a keyring.\nBy default, keyring will use the OS keyring (see `default_backend()` for details), which is automatically unlocked when you log into your computer account.\nThat means while the secret is stored securely, it can be accessed by other processes.\n\nIf you want greater security you can create a custom keyring that you manually lock and unlock.\nThat will require you to enter a custom password every time you want to access your secret.\n\n```{r}\n#| eval: FALSE\nkeyring_create(\"mypackage\")\nkey_set(\"secret-name\", keyring = \"mypackage\")\nkey_get(\"secret-name\", keyring = \"mypackage\")\n```\n\nAccessing the key unlocks the keyring, so if you're being really careful, you might want to lock it after you've retrieved the value with `keyring_lock()`.\n\n### GitHub\n\nWhen you use keyring on GitHub, it will fall back to the environment variable backend.\nThat means if you want to use `key_get(\"mysecret\")` you need to do two things:\n\n-   Add a [new action secret](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository) to your repository.\n\n-   Make the secret available in your workflow `.yml`, for instance\n\n    ``` yaml\n        env:\n          GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }}\n          R_KEEP_PKG_SOURCE: yes\n          MY_SECRET: ${{ secrets.my_secret }}\n    ```\n\nThe envvar backend doesn't support custom keyrings, so if you're using one locally you'll need to use the default keyring on GitHub.\n\n## Development documentation\n\nPlease see our [writeup of some `keyring` internals](https://github.com/r-lib/keyring/blob/main/inst/development-notes.md), and as always, use the source code.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fr-lib%2Fkeyring","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fr-lib%2Fkeyring","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fr-lib%2Fkeyring/lists"}