The default backend is selected

  1. based on the keyring_backend option. See base::options(). This can be set to a character string, and then the backend_string class is used to create the default backend.

  2. If this is not set, then the R_KEYRING_BACKEND environment variable is checked.

  3. If this is not set, either, then the backend is selected automatically, based on the OS:

    1. On Windows, the Windows Credential Store ("wincred") is used.

    2. On macOS, Keychain services are selected ("macos").

    3. Linux uses the Secret Service API ("secret_service"), and it also checks that the service is available. It is typically only available on systems with a GUI.

    4. If the file backend ("file") is available, it is selected.

    5. On other operating systems, secrets are stored in environment variables ("env").

default_backend(keyring = NULL)



Character string, the name of the keyring to use, or NULL for the default keyring.


The backend object itself.


Most backends support multiple keyrings. For these the keyring is selected from:

  1. the supplied keyring argument (if not NULL), or

  2. the keyring_keyring option.

  3. If this is not set, the R_KEYRING_KEYRING environment variable.

  4. Finally, if neither of these are set, the OS default keyring is used.

    • Usually the keyring is automatically unlocked when the user logs in.

See also