Package Manager supports the encryption of sensitive configuration options. For example, the
Manifest.Password settings all support plain text or encrypted values.
Encrypt a setting#
To encrypt a sensitive configuration setting, use the
rspm encrypt command. For example:
Only settings that have the type of
encrypted-string support encryption.
rspm encrypt command creates a key file called
rstudio-pm.key at the specified
Server.EncryptionKeyPath location or if left unspecified in the
Server.DataDir. This key must not be deleted for the Package Manager server to properly read the configuration file. It also needs to be owned by the same account that runs the Package Manager server, in most cases this is the
Check the file permissions by running
ls -l /path/to/key/file. If the file is not owned by the same user that runs Package Manager, change it by running
sudo chown [user-account] /path/to/key/file.
Note that the
PACKAGEMANAGER_ENCRYPTION_KEY environment variable can be used to specify the encryption key to
rspm encrypt in place of the key file, which may be preferable to managing the file directly in some cases.