The default backend for RStudio Server and RStudio Server Pro is the file backend, but the file backend requires libsodium. Most RStudio servers today are built without libsodium, so the first user experience with keyring on Linux is probably going to throw the following error:

Error in dyn.load(file, DLLpath = DLLpath, ...) : 
  unable to load shared object '/home/rstudio/R/x86_64-pc-linux-gnu-library/3.6/sodium/libs/sodium.so':
  libsodium.so.23: cannot open shared object file: No such file or directory

It's somewhat unclear what action the user is supposed to take when they see this message, especially given the fact that users are almost certainly going to experience this message the first time they use keyring.

I would expect a little more guidance on how to resolve this issue. I would also expect the experience to be similar to the sparklyr experience when Java is not installed. This is the pop up in the sparklyr connections pane in the event that Java is not installed.

I would expect a similar message for the keyring package. Perhaps a warning message like this:

In order to use the file backend with keyring, your system needs to have libsodium installed. Please contact your server administrator to request the installation of libsodium on your system.

keyring does not actually directly need libsodium as a system dependency. It only depends on the sodium R package, which needs libsodium.

You cannot install the sodium R package on Linux if libsodium (+ dev headers) is not installed, unless you install your R packages from (RSPM or other) binaries. So only people installing Linux packages from binaries will see this. (Windows and macOS binaries link libsodium statically.) "Regular" Linux users see this:

> install.packages("sodium")
[...]
------------------------- ANTICONF ERROR ---------------------------
Configuration failed because libsodium was not found. Try installing:
 * deb: libsodium-dev (Debian, Ubuntu, etc)
 * rpm: libsodium-devel (Fedora, EPEL)
 * csw: libsodium_dev (Solaris)
 * brew: libsodium (OSX)
If libsodium is already installed, check that 'pkg-config' is in your
PATH and PKG_CONFIG_PATH contains a libsodium.pc file. If pkg-config
is unavailable you can set INCLUDE_DIR and LIB_DIR manually via:
R CMD INSTALL --configure-vars='INCLUDE_DIR=... LIB_DIR=...'
--------------------------------------------------------------------

We could try to detect this error message and give some better error message. (This is actually not that simple to do properly, because it is a localized message.) But it not what we are doing currently for system dependencies, especially not for system dependencies of packages we are depending on. So I am reluctant to add such a warning. I.e. we are not checking if curl can load libcurl and libssl, etc.

I think eventually this will be solved by better package installation tools, e.g. pak will soon tell you if the required system dependencies are not installed, when installing a package.

For now, maybe we can add this to the documentation of the file backend?

I agree we can punt on this for now. At some point, I would like to have askForSecret replace askForPassword in the connections dialog (particularly with the pro drivers). At that point I would like to have an experience similar to the one with sparklyr (mentioned above) which is also in the connections pane. Perhaps we can revisit this when we address that type of work, or when we go deeper with pak, or we integrate other secret services (in the cloud). But but given this excellent explanation, I am fine punting on this for now. I'll make a note to add this into the vignette, the keyring docs, and the server recommendations on the pro docs site.

I would like to replace askForPassword with askForSecret in the pro driver snippets. However, when I run askForSecret without libsodium installed, I get the following error message:

> rstudioapi::askForSecret("test", getenv = "RSC")
Error in dyn.load(file, DLLpath = DLLpath, ...) : 
  unable to load shared object '/home/rstudio/R/x86_64-pc-linux-gnu-library/3.6/sodium/libs/sodium.so':
  libsodium.so.23: cannot open shared object file: No such file or directory

It would be nice if I didn't get this message until after this dialog:

The reason is that if I don't have libsodium installed, I might still want to use askForSecret to fall back on askForPassword. This is important for existing customers who might prefer to use the current defaults should they upgrade their drivers.

Well, the only way to do that is to make sodium a soft dependency in keyring. Which is possible, but it will also mean that

1. people having keyring installed might not have support for the file backend, and
2. it breaks the workflows that assume that the file backend is available if you install keyring.

I managed to give a better error message, if the sodium package is installed but cannot be loaded:

> x <- keyring::backend_file$new()
> x$keyring_create("new", "pass")
Error: Cannot load the sodium package, please make sure that its system libraries are installed.
On Debian and Ubuntu systems you probably need the 'libsodium23' package.
On Fedora, CentOS, RedHat and other RPM systems you need the libsodium package.
Error: unable to load shared object '/opt/R/devel/lib/R/library/sodium/libs/sodium.so':
  libsodium.so.23: cannot open shared object file: No such file or directory

The caveat is that if the package does no load for some other reason, then this error message can be misleading.