我在下面的博客文章中概述了我在 Windows 上实现此目的的方法:
本质上...
确保您已启用 PowerShell 执行。
将以下文本保存到名为 EncryptPassword.ps1 的文件中:
# Create directory user profile if it doesn't already exist.
$passwordDir = "$($env:USERPROFILE)\DPAPI\passwords\$($env:computername)"
New-Item -ItemType Directory -Force -Path $passwordDir
# Prompt for password to encrypt
$account = Read-Host "Please enter a label for the text to encrypt. This will be how you refer to the password in R. eg. MYDB_MYUSER
$SecurePassword = Read-Host -AsSecureString "Enter password" | convertfrom-securestring | out-file "$($passwordDir)\$($account).txt"
# Check output and press any key to exit
Write-Host "Press any key to continue..."
$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
执行上面的脚本(右键单击 > 使用 PowerShell 运行),为密码提供一个有意义的名称,然后输入密码。您现在可以通过检查 %USERPROFILE%/DPAPI/passwords/[PC NAME]/[PASSWORD IDENTIFIER.txt] 中的文件来验证密码是否已加密
现在从 R 中运行以下代码(我将此函数保存在一个 R 脚本中,该脚本在每个脚本的开头提供。
getEncryptedPassword <- function(credential_label, credential_path) {
# if path not supplied, use %USER_PROFILE%\DPAPI\passwords\computername\credential_label.txt as default
if (missing(credential_path)) {
credential_path <- paste(Sys.getenv("USERPROFILE"), '\\DPAPI\\passwords\\', Sys.info()["nodename"], '\\', credential_label, '.txt', sep="")
}
# construct command
command <- paste('powershell -command "$PlainPassword = Get-Content ', credential_path, '; $SecurePassword = ConvertTo-SecureString $PlainPassword; $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword); $UnsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR); echo $UnsecurePassword"', sep='')
# execute powershell and return command
return(system(command, intern=TRUE))
}
现在,当您需要在 R 中提供密码时,您可以运行以下命令,而不是硬编码/提示输入密码:
getEncryptedPassword("[PASSWORD IDENTIFIER]")
例如,不要运行 ROracle 命令:
dbConnect(driver, "MYUSER", "MY PASSWORD", dbname="MYDB")
您可以改为运行它(我在第 3 步中提供的标识符是“MYUSER_MYDB”:
dbConnect(driver, "MYUSER", getEncryptedPassword("MYUSER_MYDB"), dbname="MYDB")