[help] encryption key always outdated

[aryazand]

Help

• I understand and agree to https://books.ropensci.org/targets/help.html.

Description

Hi, first off thank you for the great targets package.

The issue I run into is that loading an encryption key is always considered outdated, so loading or saving any data dependent on that key is also considered outdated. I've tried to google and look through forums to find a workaround, but no luck!

Below is a reproducible example (based on a previous similar question from a few years back (#448)

library(targets)
library(tarchetypes)
require(tidyverse)
require(here)
require(cyphr)


# generate sodium key
# DATA_KEY = sodium::bin2hex(sodium::keygen())
# store DATA_KEY in .Renviron

cyphr_key <- cyphr::key_sodium(sodium::hex2bin(Sys.getenv("DATA_KEY")))

# define targets functions
make_test <- function(){
  x <- as_tibble(iris)
  return(x)
}

summ <- function(dataset) {
  sample <-
    dataset %>% janitor::clean_names() %>%
    group_by(species) %>%
    summarise()
  
  return(sample)
}



# targets -----------------------------------------------------------------

# End this file with a list of target objects.
#targets <-
list(
  tar_target(data, make_test()),
  tar_target(summary, summ(data)) # Call your custom functions as needed
) %>%
  tar_hook_outer(hook = encrypt_object(.x, key = cyphr_key)) %>%
  tar_hook_inner(hook = decrypt_object(.x, key = cyphr_key))

After running tar_make() on above, then tar_visnetwork() has the following output - demonstrated that cyphr_key is outdated (probably due to loading it with sodium::hex2bin and cyphr::key_sodium)

Any thoughts on how to load an encryption key in a way that it remains updated unless the value in .Renviron changes?

Thanks!

[wlandau]

How about the example below?

Note the use of sha512 to detect changes to the data key. I would have used Sys.getenv("DATA_KEY") itself, but targets stores the siphash13 of each global object in _targets/meta/meta, which by itself has weaker cryptographic guarantees.

library(targets)
library(tarchetypes)
library(tidyverse)
library(here)
library(cyphr)

data_key_hash <- digest::digest(Sys.getenv("DATA_KEY"), algo = "sha512")

make_data <- function(){
  x <- as_tibble(airquality)
  return(x)
}

make_summary <- function(dataset) {
  dataset %>%
    janitor::clean_names() %>%
    group_by(month) %>%
    summarize()
}

setup <- list(
  tar_target(
    cyphr_key, {
      data_key_hash
      cyphr::key_sodium(sodium::hex2bin(Sys.getenv("DATA_KEY")))
    }
  )
)

pipeline <- list(
  tar_target(data, make_data()),
  tar_target(summary, make_summary(data))
) %>%
  tar_hook_outer(hook = encrypt_object(.x, key = cyphr_key)) %>%
  tar_hook_inner(hook = decrypt_object(.x, key = cyphr_key))

list(setup, pipeline)

[aryazand]

Hi, thank you for the quick response!

It looks like with the code as is, if you modify pipeline you get the following error; Failed to decrypt key as session key has changed. It looks like cyphr load sessions specific keys by design. To get around this I changed how to key is loaded in the tar_hooks statements, as follows:

library(targets)
library(tarchetypes)
library(tidyverse)
library(here)
library(cyphr)

data_key_hash <- digest::digest(Sys.getenv("DATA_KEY"), algo = "sha512")

make_data <- function(){
  x <- as_tibble(airquality)
  return(x)
}

make_summary <- function(dataset) {
  dataset %>%
    janitor::clean_names() %>%
    group_by(month) %>%
    summarize()
}

setup <- list(
  tar_target(
    cyphr_key, {
      data_key_hash
      cyphr::key_sodium(sodium::hex2bin(Sys.getenv("DATA_KEY")))
    }
  )
)

pipeline <- list(
  tar_target(data, make_data()),
  tar_target(summary, make_summary(data))
) %>%
  tar_hook_outer(hook = encrypt_object(.x, key = cyphr::key_sodium(sodium::hex2bin(Sys.getenv("DATA_KEY"))))) %>%
  tar_hook_inner(hook = decrypt_object(.x, key = cyphr::key_sodium(sodium::hex2bin(Sys.getenv("DATA_KEY")))))

list(setup, pipeline)

This should load the key properly.
There may be a more eloquent way to doing this, but it seems to work for me.

Thank you for your help!