API/Web Service Encoded Variables

I created a Katalon API/Web Services project and needed to encode a security “Key”. I created a test object and under the “HTTP Header” added the Name/Value combination for the attributes. The Value was hard coded. I then ran the code and it produced the expected results.

I then created a Test Case calling the Object and a Test Suite that runs everything. And again, everything ran fine.

Now, I used the Katalon Help>Encrypt Text to encode the “Key”. I added this information to a Global Variable under Profiles>Default. When I went to the object and under “Variables” created a variable for the “Key”, Katalon found the global variable. When I ran the Test Suite, it failed. I think it saw the encoded variable as a raw string.

So, how do I get the object to recognize the variable as an encoded string?

Could you share code of when you call the Global Variable as well as the corresponding error logs please?

OK, here’s what I have: running Katalon 8.4.0:

Global Variable:

Web Services Object (HTTP Header):

Web Services Object (Variables):

Web Services Test Case:

The Test Suite simply points to the Test Case. This works fine when I use the “testRawKey” but when I use the Katalon encoded key it fails.

How do I let the Katalon Object know the “Key” is encoded data?

Does anyone have any kind of suggestions/updates on this issue?

@em817m , I apologize for writing in your topic w/o having any solution. I’m just wondering is it the right approach to have an encrypted security key stored in Katalon Project? Whatever is encrypted can be decrypted. Wouldn’t it be safer to store a security key in some environment variable?

But wouldn’t a Windows “Environment Variable” be non-encrypted? And if I would store the security key as an encrypted variable, I would still need to unencrypt it in Katalon - right? And that’s what I’m having a problem with.

how would you like to tell Katalon to decode it, prior to use it?

you gave yourself the answer, using environment variable is not safe.
use an external vault to store sensitive data and pass such only at runtime to katalon

Thanks, @bionel . Sounds like a plan (the only little devil in the details is how, the hell, to do it))

To be precise, how exactly to store sensitive data both locally and, for example, in the (external) Jenkins and to be able to pass them (the word ‘data’ is plural) at runtime to Katalon while running either locally or, for example, in the (external) Jenkins?

this is a matter of trust. you can store them in jenkins vault as global credentials, provided you trust all jenkins user, or under a protected group.
we are not here to perform security scanning on your infrastructure, we only advise
for the rest, read the relevant docs

Sure. I was just asking how to pass the sensitive data at runtime to Katalon from local and external storage so it can be used by the same script code

Yes, this is what I was after from the beginning - sort of. First, how do I pass this data and second, if I encode it, how do I get Katalon to decode it in the script…

I found this code snippet that seems to answer my original question:

```groovy
import com.kms.katalon.util.CryptoUtil
def originalText = 'mypassword'
println("Original text: ${originalText}")
def encryptedText = CryptoUtil.encode(CryptoUtil.getDefault(originalText))
println("Encrypted text: ${encryptedText}")
def decryptedText = (CryptoUtil.decode(CryptoUtil.getDefault(encryptedText)))
println("Decrypted text: ${decryptedText}")
```

Not a perfect solution, but using the Katalon>Help>Encrypt Text feature, I can create an encoded variable and then decrypt it with the last 2 lines from the code.


you can pass whatever data needed at runtime through global variables, regardless where such are stored, no need to store them with the project, encrypted or not

have you ever read the docs? e.g: Command Syntax (Command-line/Console Mode Execution) | Katalon Docs

note:

-g_<variable_name>

Override Execution Profile variables.

Example: -g_userName="admin"

if the above does not suit your needs, you can set them as environment variables and retrieve from your code with System.getenv()

how to retrieve them from local or external storage … is up to you, we don’t know what you use as a vault and as CI for execution. use your imagination (aka read the corresponding docs)
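
An added example, not code from any poster in this thread or from Katalon: a test-case script that resolves the key at runtime and hands the decoded text to the Web Service object through its `key` variable. The environment variable name, the global variable name, the object path and the expected status code are hypothetical; the `CryptoUtil` calls are the ones from the snippet posted above.

```groovy
// Katalon test-case script (Groovy). Names marked "hypothetical" are
// assumptions for illustration, not taken from the thread.
import static com.kms.katalon.core.testobject.ObjectRepository.findTestObject

import com.kms.katalon.core.util.KeywordUtil
import com.kms.katalon.core.webservice.keyword.WSBuiltInKeywords as WS
import com.kms.katalon.util.CryptoUtil
import internal.GlobalVariable

// Resolve the key at runtime, in this order:
//  1. environment variable set by the CI job or the launching shell (raw value)
//  2. profile variable holding Help > Encrypt Text output (local development);
//     -g_encryptedKey="..." on the command line overrides the profile value
String resolveApiKey() {
    String fromEnv = System.getenv('API_SECURITY_KEY')         // hypothetical name
    if (fromEnv?.trim()) {
        return fromEnv.trim()
    }
    String encrypted = GlobalVariable.encryptedKey as String   // hypothetical name
    if (!encrypted?.trim()) {
        return null
    }
    // Same calls as the snippet in the thread. Anyone holding the project can
    // reverse this, so the stored value is obfuscated rather than secret.
    return CryptoUtil.decode(CryptoUtil.getDefault(encrypted.trim()))
}

String apiKey = resolveApiKey()
if (!apiKey) {
    // Stop before sending anything instead of calling the API with an empty header.
    KeywordUtil.markFailedAndStop(
            'No API key: set API_SECURITY_KEY or GlobalVariable.encryptedKey')
}

// The object's HTTP header value is ${key}; this map fills that object
// variable with the decoded text, so the header never carries the encoded string.
def request = findTestObject('Object Repository/MyService/GetStatus',  // hypothetical path
        [('key'): apiKey])
def response = WS.sendRequest(request)
WS.verifyResponseStatusCode(response, 200)   // hypothetical expected status

// Record that a key was supplied, never the value itself.
KeywordUtil.logInfo('Request sent with a runtime-resolved API key')
```

For this to work the object's own `key` variable should have no default bound to the global variable; the value passed in the map is what reaches the header.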

Thanks, @bionel . A couple of questions:
1)

but you wrote:

?

This can be done in Command-line/Console Mode Execution. What if you just want to run a test in Katalon Studio?

@gdearest07 we have different understandings of what environment means and the scope of certain tools.
for me, environment means a shell session used to run the tests with KRE, either local or with a CI tool, e.g jenkins.
such is volatile, the environment will exist only as long as the shell is running.
for you, environment means global windows environment. such is permanent so it is not OK … well, it depends also on who may have access to your machine / account.

As for KSE … I will use it only for developing tests, but the final execution will be however done in CI.
So, I can simply store the credentials in a profile used only by me, since only I have access to my development machine. I don’t need to override it, I will do that only when running it with KRE.
Of course, take care not to accidentally commit your profile to the shared repo you may use, but an entry in .gitignore should work

For the rest … you already have some solutions, either store the credentials in the CI vault, or use whatever third-party tool. E.g lastpass have a cli client, can be used to retrieve whatever credentials by a pre-run script and inject them into the execution environment (as globals or custom variables).
of course … you will have to deal with how to store the master key to access your vault if using a third party solution … so yet again is a matter of trust between you and other people using the resources.


@bionel , just FYI:

It looks like there is another issue with Katalon Plugin in Jenkins which makes it impossible to follow your advice.

As per Command Syntax (Command-line/Console Mode Execution) | Katalon Docs

On Jenkins with Katalon plugin it works only if you really put something like -g_userName="admin" BUT IT’S NOT OVERRIDING the Execution Profile variable if you try to get its value from a Jenkins’s secret text like this

Please note that -apikey=%apikey% works ( $apikey should be used on Linux)

i really don’t care about the jenkins plugin and i will never use such.
there are more sane ways to run katalon on jenkins (or any other CI)

Certainly. And there are more sane ways to test than using Katalon, whose developers don’t seem to be able even to understand what’s wrong with the Katalon plugin recommended by Katalon .