Skip to content

Configuration Encryption

RSPM supports the encryption of sensitive configuration options. For example, both the Postgres Password setting and the Proxy Password setting support encryption.

RSPM Encrypt

To encrypt a sensitive configuration setting, use the rspm encrypt command. For example:


$ rspm encrypt
<< Encryption: Enter the plain text value below.
<< Encryption: Encrypted value printed to stdout
<< Qu0lI/gridhu85sqChwFtP2wFkqCcWt9owBpxFjAhKFaU2ZraBB2LM62Ieo=


Only settings that have the type of encrypted-string support encryption.

Key file

The rspm encrypt command creates a key file called rstudio-pm.key at the specified Server.EncryptionKeyPath location or if left unspecified in the Server.DataDir. This key must not be deleted for the RSPM server to properly read the configuration file. It also needs to be owned by the same account that runs the RSPM server, in most cases this is the rstudio-pm account.


Check the file permissions by running ls -l /path/to/key/file. If the file is not owned by the same user that runs RSPM, change it by running sudo chown [user-account] /path/to/key/file.