Configuration Encryption¶
RSPM supports the encryption of sensitive configuration options. For example,
both the Postgres Password setting and
the Proxy Password setting support encyption.
RSPM Encrypt¶
To encrypt a sensitive configuration setting, use the rspm encrypt command. For example:
Terminal
$ rspm encrypt
Encryption: Enter the plain text value below.
Encryption: Encrypted value printed to stdout
Qu0lI/gridhu85sqChwFtP2wFkqCcWt9owBpxFjAhKFaU2ZraBB2LM62Ieo=
Note
Only settings that have the type of encrypted-string
support encryption.
Key file¶
The rspm encrypt command creates a key file called rstudio-pm.key at the specified
Server.EncryptionKeyPath location or
if left unspecified in the Server.DataDir. This
key must not be deleted for the RSPM server to properly read the configuration file.
It also needs to be owned by the same account that runs the RSPM server, in most cases
this is the rstudio-pm account.
Tip
Check the file permissions by running ls -l /path/to/key/file. If the file is not
owned by the same user that runs RSPM, change it by running
sudo chown [user-account] /path/to/key/file.