Documentation Index
Fetch the complete documentation index at: https://mintlify.com/rstudio/rskey/llms.txt
Use this file to discover all available pages before exploring further.
rskey encrypt takes a plaintext value and produces an encrypted ciphertext string suitable for use in Posit Connect or Package Manager configuration files. When you run it interactively, the terminal is put into raw mode so that what you type is never echoed to the screen. When stdin is a pipe, the command reads line-separated values in batch, producing one ciphertext per line. Choose the encryption mode that matches your product version and compliance requirements.
Synopsis
Flags
Path to the key file to use for encryption. The file must exist and be
readable. Required.
Encryption algorithm. One of
default, fips, or workbench.Encryption modes
default — NaCl Secretbox
default — NaCl Secretbox
The standard mode for Posit Connect and Package Manager. Uses the
NaCl Secretbox
authenticated encryption algorithm. Compatible with all supported versions
of Connect and Package Manager.
fips — AES-256-GCM
fips — AES-256-GCM
Available for Connect 2022.03.0 and later, and Package Manager 2024.04.0
and later. Uses AES-256-GCM, an Approved Security Function under
FIPS 140.
Use this mode when your environment requires FIPS-compliant cryptography.
workbench — AES-128-CBC
workbench — AES-128-CBC
Use this mode to encrypt secrets for Posit Workbench (e.g., values stored
in
secure-cookie-key). Uses AES-128-CBC to match the algorithm expected
by rstudio-server encrypt-password. Both the rskey-generated key format
and the UUID key format are accepted.Interactive usage
When stdin is a terminal,rskey encrypt prompts you to type the sensitive
value twice with no echo:
Stdin (batch) usage
When stdin is a pipe,rskey encrypt reads one plaintext value per line and
writes one ciphertext per line to stdout, in the same order. This is useful
for encrypting multiple values in a single invocation.