
Password Management

Implementing a key/secret approach for password management with Test Evolve

Create a local Ruby file, keygen.rb, as below. Add the password that you wish to encrypt on line 6. Open a terminal session at the location of the file and execute the script with 'ruby keygen.rb'. Two values will be output to the console.

gem 'activesupport'
require 'active_support'

key = SecureRandom.alphanumeric(32)
crypt = ActiveSupport::MessageEncryptor.new(key)
encrypted_pwd = crypt.encrypt_and_sign("your actual password")
puts 'key value = ' + key
puts 'encrypted_pwd = ' + encrypted_pwd

Create a key.yml file and place it in the root directory of your Test Evolve project, e.g. at the same level as your Gemfile.

Paste the console output KEY_VALUE into the key.yml. That is all it should contain.

Within the Test Evolve env.rb (features > support) file, references to the key or keys should be added as a constant as follows: TEST_EVOLVE_SECRETS = 'key.yml' - see below

require 'test-evolve/cucumber-hooks'

TEST_EVOLVE_SECRETS = 'key.yml'

Within the Test Evolve project helpers.rb file, add a decrypt method for each key that you have/need.

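require 'active_support'

# Decrypts a value from environments.yml using the key stored in key.yml.
def decrypt(pw)
  begin
    # strip removes a trailing newline, which would otherwise become part of the key
    key = File.read(TEST_EVOLVE_SECRETS).strip
    crypt = ActiveSupport::MessageEncryptor.new(key)
  rescue StandardError => e
    puts "\nDO YOU HAVE THE KEY? :#{e}"
    exit 1
  end
  crypt.decrypt_and_verify(pw)
end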

Within your Test Evolve project environments.yml file (root > environments directory), add the console output ENCRYPTED_PWD value from step 1 as a project password.

example_username: example_username
example_password: MUl4VXFEQUtPYm9OclZnYWV5NGl5TXc2QlpnNzZWRmVPUU9ZWjFqWHAzTT0tLUhWbzhXNFpWM3pIUi92Z3U5WW0vM3c9PQ==--e1149e519fd728f55fb248a3b0a3440b906b312f

When you need to use the encrypted password during a test, the following code can be used to set an instance variable for onward use.

@password = decrypt(EnvConfig['example_password'])

The keygen.rb file can be discarded at this stage; it contains the plaintext password, so it should not be checked in. The keys themselves should remain locally in the root of the project and never be checked in.

Changes to env.rb, environments.yml and helpers.rb should all be checked in to the project.
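A preflight check for the key file described above, added here as an example and not part of Test Evolve or the original page. It confirms that key.yml holds exactly the 32-character key that keygen.rb prints, is readable only by its owner, and is listed in .gitignore. The names key_file_problems and sample_run, and the literal .gitignore match, are assumptions of this example.

```ruby
require 'tmpdir'

KEY_FILE = 'key.yml' # same file name the page assigns to TEST_EVOLVE_SECRETS

# Returns a list of problems found with the key file under project_root.
# An empty list means the key is well formed and kept out of version control.
def key_file_problems(project_root)
  key_path = File.join(project_root, KEY_FILE)
  return ["#{KEY_FILE} is missing"] unless File.file?(key_path)

  problems = []
  raw = File.read(key_path)
  key = raw.strip
  # keygen.rb uses SecureRandom.alphanumeric(32): exactly 32 characters of [A-Za-z0-9].
  problems << 'key is not 32 alphanumeric characters' unless key.match?(/\A[A-Za-z0-9]{32}\z/)
  # With extra whitespace, File.read returns more than 32 bytes unless the caller strips it.
  problems << 'file has surrounding whitespace or a trailing newline' unless raw == key
  # POSIX permission bits only: the key should be readable by its owner alone.
  problems << 'file is readable by group or others' unless (File.stat(key_path).mode & 0o077).zero?

  # Assumption: a literal .gitignore entry is enough; glob patterns are not evaluated.
  ignore_path = File.join(project_root, '.gitignore')
  entries = File.file?(ignore_path) ? File.readlines(ignore_path, chomp: true).map(&:strip) : []
  ignored = entries.include?(KEY_FILE) || entries.include?("/#{KEY_FILE}")
  problems << "#{KEY_FILE} is not listed in .gitignore" unless ignored
  problems
end

# Builds a constructed throwaway project in a temp dir and returns the problems found.
def sample_run(key_text, mode:, gitignore:)
  Dir.mktmpdir do |root|
    path = File.join(root, KEY_FILE)
    File.write(path, key_text)
    File.chmod(mode, path)
    File.write(File.join(root, '.gitignore'), gitignore) if gitignore
    key_file_problems(root)
  end
end

if __FILE__ == $PROGRAM_NAME
  constructed_key = 'A' * 32 # constructed placeholder, not a real key
  puts sample_run("#{constructed_key}\n", mode: 0o644, gitignore: nil).inspect
  puts sample_run(constructed_key, mode: 0o600, gitignore: "key.yml\n").inspect
end
```

Calling key_file_problems(Dir.pwd) from the project root before a test run reports the same problems for a real project.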