When individuals need access to the research drive, the PI will make the request, to Bashar Shakhtour.
Folder Structure:
Windows:
From This PC select Computer Map Network Drive in the folder \\cqsresearch\research drive
MacOS:From Finder select Go Connect to Server smb://cqsresearch/research drive
Linux:
sudo mkdir /mnt/research
edit /etc/fstab add this line
//cqsresearch/research\040drive /mnt/research cifs rw,user,vers=3.0,username=YOURVUNETID,domain=vanderbilt,noauto
Then
mount /mnt/research
to connect and
umount /mnt/researchto disconnect.
A given project by its data-sharing agreement may specify data handling requirements. For example, AllOfUs has data stored in a GCP and a dedicated team for controlling access. Its members are not allowed to store any of the identifying data externally to the project on any device not approved by that project.
Years of research can accumulate on a local device and, in the past, one might not have followed these security practices in compliance with current requirements. A "tabula rasa" (blank slate) strategy is a method to ensure compliance. To accomplish this, take all locally stored research folders and upload them all an approved storage location. Upon completing the upload, and double checking to confirm that it was successful, delete all folders locally. Then, as needed, take one folder at a time from storage and inspect to make sure no PHI/PII is present. This will allow you to answer "no" if asked if PHI/PII are present on your device with confidence. Eventually, your local computing device will be repopulated with what you need in a compliant manner.
There are commercially available tools (such as 1Password, KeePass, or Dashlane) that keep passwords in a cryptolocker or keyring. The providers of these services store the encrypted information only in the cloud and follow good security practices. The downside of this approach is that these tools do not integrate well with automated code.
Keyrings are currently best practice for managing API Keys and passwords. and several resources are available for one's personal code and projects. There are system-provided keyrings and local file keyrings. The local file option is generally the best for consistency because OS manufacturers frequently change their interfaces. Using a local file version will give consistent behavior across platforms and upgrades. It is recommended that all staff and faculty working with PII/PHI learn and utilize some type of keyring software. A keyring requires a password to unlock, the benefit being that one can use a single password to unlock a large number of passwords. One could utilize a single keyring on their device if needed.The R package `redcapAPI` has keyring management built in via the function `unlockREDCap`.
library(redcapAPI) options(keyring_backend=keyring::backend_file) # Put in .Rprofile unlockREDCap(c(rcon = '<MY PROJECT NAME>'), keyring = 'API_KEYs', envir = globalenv(), url = 'https://<REDCAP_URL>/api/')This will automatically walk the user through the usage of storing REDCap API Keys in a keyring. See the documentation of unlockREDCap for more details.
The R package `keyring` provides the necessary tools for manipulating keyrings. Here is some example usage for the AllOfUs project:
Set R to always use a local file, by putting this in .Rprofile
options(keyring_backend=keyring::backend_file)
Create a keyring to use at the R console, with a new password to save for PDR Access in the AllOfUs keyring:
keyring_create("AllOfUs") key_set_with_value("AllOfUs", "PDR", password="<PASSWORDHERE>", "AllOfUs")
In the report code, this is the automated snippet to pull the password:
if(keyring_is_locked("AllOfUs")) keyring_unlock("AllOfUs", getPass::getPass()) con <- dbConnect(RPostgres::Postgres(), dbname="drc", host="localhost", port=7000, user="<your userid>", password=keyring::key_get('AllOfUs', 'PDR', "AllOfUs"))
I | Attachment | Action | Size | Date | Who | Comment |
---|---|---|---|---|---|---|
![]() |
d5148e4ad8673b8cbef48d257967b094.png | manage | 57 K | 25 Sep 2023 - 11:40 | BasharShakhtour | Auto-attached by ImagePlugin |