Just like someone can be an "Accidental DBA", I am the "Accidental TFS Administrator" at work. And now we're moving, slowly, to Azure DevOps Services (ADS). One of the reasons for moving to ADS is because there's a group of epidemiologists at work who want to capture their code using Git. (At work, they've been using TFVC for longer than I've worked there. Bottom line, we don't use Git at all at work.) Being epidemiologists, they're used to doing lots of data analysis. They use both SAS and R. I've never seen SAS. Here on SSC, because of Steve's posts, I've seen some R, although I wouldn't call myself an R developer.
Anyway, we've got this group of sophisticated users, who want to store their SAS and R code into a Git repository. The reason for why they want to Git is because whatever tools they use, it only works with Git. For now, let me just talk about R. Like I said, I know so little of R that I don't call myself conversant in it at all.
Now, for other things which complicate this. Our chief security officer (CSO) is certain that these users have leaving connection string in plain text, in their R code. We talked about this in a Zoom meeting. Upon a lengthy discussion, it because apparently that the users access the databases they do, using integrated security. Nevertheless, the CSO is not convinced. He is firmly of the opinion that the epidemiologists who are doing the R (and SAS) coding are leaving connection strings scattered all about in their code.
So, let me ask people in this forum - how does R code save connection strings? If this were a .NET app, you could either save those connections to the database use integrated security, in which case there is no credentials saved anywhere. Or you would put them into a Web.Config or App.Config file, which hopefully is obfuscated somehow. Or since we're moving to ADS, they could be saved either in Azure Pipeline library or Azure Key Vault. So, how does R do it? Where are connections strings saved? How can we (those of us in IT) determine that either they user integrated security or the credentials are someplace. Is there a common place to look for database credentials in R?