Configuration Encryption#
Package Manager supports the encryption of sensitive configuration options. For example, the Postgres.Password
, Proxy.Password
, and Manifest.Password
settings all support plain text or encrypted values.
Encrypt a setting#
To encrypt a sensitive configuration setting, use the rspm encrypt
command. For example:
$ rspm encrypt
<< Encryption: Enter the plain text value below.
<< Qu0lI/gridhu85sqChwFtP2wFkqCcWt9owBpxFjAhKFaU2ZraBB2LM62Ieo=
Note
Only settings that have the type of encrypted-string
support encryption.
Key file#
The rspm encrypt
command creates a key file called rstudio-pm.key
at the specified Server.EncryptionKeyPath
location or if left unspecified in the Server.DataDir
. This key must not be deleted for the Package Manager server to properly read the configuration file. It also needs to be owned by the same account that runs the Package Manager server, in most cases this is the rstudio-pm
account.
Tip
Check the file permissions by running ls -l /path/to/key/file
. If the file is not owned by the same user that runs Package Manager, change it by running sudo chown [user-account] /path/to/key/file
.
Note that the PACKAGEMANAGER_ENCRYPTION_KEY
environment variable can be used to specify the encryption key to rspm encrypt
in place of the key file, which may be preferable to managing the file directly in some cases.