googlesecretmanager 🔐

Keep your secrets safe and sound in the cloud! 🚀

An R package that makes it easy and secure to manage your secrets using Google Cloud Secret Manager. Whether you're building a Shiny app, running R scripts in production, or managing sensitive configuration, googlesecretmanager has got you covered!

Quick Start 🚀

# Install the package
remotes::install_github("brancengregory/googlesecretmanager")

# Load and authenticate (opens browser)
library(googlesecretmanager)
gargle::credentials_app_default()

# Start managing secrets!
sm_project_set("my-project-id")
sm_secret_create("api-key", replication = list(automatic = list()))
sm_secret_version_add("api-key", "your-secret-value")

Installation

You can install the development version of googlesecretmanager from GitHub using:

# install.packages("remotes")
remotes::install_github("brancengregory/googlesecretmanager")

Authentication 🔑

This package uses gargle for secure authentication with Google Cloud. Choose your preferred method:

1. Quick & Easy: Application Default Credentials

library(googlesecretmanager)
gargle::credentials_app_default()  # Opens browser for authentication

2. Production Ready: Service Account

library(googlesecretmanager)
gargle::credentials_service_account(
  path = "path/to/service-account-key.json"
)

3. Advanced: Explicit Token

library(googlesecretmanager)
token <- gargle::token_fetch(
  scopes = "https://www.googleapis.com/auth/cloud-platform"
)
googlesecretmanager_auth(token = token)

Common Use Cases 🎯

1. Managing API Keys

# Store an API key
sm_secret_create("stripe-api-key")
sm_secret_version_add("stripe-api-key", "sk_live_...")

# Retrieve in your application
api_key <- sm_secret_version_get("stripe-api-key")

2. Configuration Management

# Store database credentials
db_config <- list(
  host = "db.example.com",
  user = "admin",
  password = "secret123"
)
sm_secret_create("db-config")
sm_secret_version_add("db-config", jsonlite::toJSON(db_config))

# Use in your application
config <- jsonlite::fromJSON(sm_secret_version_get("db-config"))

3. Rotating Secrets

# Add a new version
sm_secret_version_add("api-key", "new-secret-value")

# List versions
versions <- sm_secret_version_ls("api-key")

# Delete old versions
sm_secret_version_delete("api-key", "old-version-id")

Features ✨

• 🔒 Secure secret management with Google Cloud
• 🔄 Version control for secrets
• 🔐 Multiple authentication methods
• 📦 Easy integration with R applications
• 🛠️ Comprehensive API coverage
• ⚡ Efficient secret retrieval
• 🎯 Project-level operations
• 📝 Detailed error messages

Security Best Practices 🛡️

1. Never commit secrets to version control
2. Use appropriate IAM roles and permissions
3. Rotate secrets regularly
4. Enable audit logging in Google Cloud
5. Use service accounts for production
6. Keep your R session secure
7. Be cautious with secret output in logs

Troubleshooting 🔧

Common Issues

1. Authentication Failed

   • Check your Google Cloud credentials
   • Verify project permissions
   • Ensure correct scopes are set

2. Secret Not Found

   • Verify project ID
   • Check secret name spelling
   • Confirm secret exists in Google Cloud Console

3. Permission Denied

   • Review IAM roles
   • Check service account permissions
   • Verify project access

Development 🛠️

This package is built with:

• testthat for testing
• roxygen2 for documentation
• renv for dependency management

Contributing 🤝

Contributions are welcome! Please:

1. Fork the repository
2. Create a feature branch
3. Add tests for new functionality
4. Submit a pull request

Getting Help 💬

• 📚 Package Documentation
• 🔍 Google Cloud Secret Manager Docs
• 🐛 Report Issues

License 📄

This project is licensed under the MIT License - see the LICENSE file for details.