API/Web Service Encoded Variables

I created a Katalon API/Web Services project and needed to encode a security “Key”. I created a test object and under the “HTTP Header” added the Name/Value combination for the attributes. The Value was hard coded. I then ran the code and it produced the expected results.

I then created a Test Case calling the Object and a Test Suite that runs everything. And again, everything ran fine.

Now, I used the Katalon Help>Encrypt Text to encode the “Key”. I added this information to a Global Variable under Profiles>Default. When I went to the object and under “Variables” created a variable for the “Key”, Katalon found the global variable. When I ran the Test Suite, it failed. I think it saw the encoded variable as a raw string.

So, how do I get the object to recognize the variable as an encoded string?

Could you share code of when you call the Global Variable as well as the corresponding error logs please?

OK, here’s what I have: running Katalon 8.4.0:

Global Variable:

Web Services Object (HTTP Header):

Web Services Object (Variables):

Web Services Test Case:

The Test Suite simply points to the Test Case. This works fine when I use the “testRawKey” but when I use the Katalon encoded key it fails.

How do I let the Katalon Object know the “Key” is encoded data?

Does anyone have any kind of suggestions/updates on this issue?

@em817m, I apologize for writing in your topic w/o having any solution. I’m just wondering, is it the right approach to have an encrypted security key stored in a Katalon Project? Whatever is encrypted can be decrypted. Wouldn’t it be safer to store a security key in some environment variable?

But wouldn’t a Windows “Environment Variable” be non-encrypted? And if I would store the security key as an encrypted variable, I would still need to unencrypt it in Katalon - right? And that’s what I’m having a problem with.

How would you like to tell Katalon to decode it, prior to using it?

You gave yourself the answer, using an environment variable is not safe.
Use an external vault to store sensitive data and pass such only at runtime to Katalon.

Thanks, @bionel . Sounds like a plan (the only little devil in the details is how, the hell, to do it))

To be precise, how exactly to store sensitive data both locally and, for example, in the (external) Jenkins and to be able to pass them (the word ‘data’ is plural) at runtime to Katalon while running either locally or, for example, in the (external) Jenkins?

This is a matter of trust. You can store them in the Jenkins vault as global credentials, provided you trust all Jenkins users, or under a protected group.
We are not here to perform security scanning on your infrastructure, we only advise.
For the rest, read the relevant docs.

Sure. I was just asking how to pass the sensitive data at runtime to Katalon from local and external storage so it can be used by the same script code

Yes, this is what I was after from the beginning - sort of. First, how do I pass this data and second, if I encode it, how do I get Katalon to decode it in the script…

I found this code snippet that seems to answer my original question:

import com.kms.katalon.util.CryptoUtil

def originalText = 'mypassword'
println("Original text: ${originalText}")
// Same encoding that Help > Encrypt Text produces
def encryptedText = CryptoUtil.encode(CryptoUtil.getDefault(originalText))
println("Encrypted text: ${encryptedText}")
// Decode the stored value back to clear text before using it
def decryptedText = CryptoUtil.decode(CryptoUtil.getDefault(encryptedText))
println("Decrypted text: ${decryptedText}")

Not a perfect solution, but using the Katalon>Help>Encrypt Text feature, I can create an encoded variable and then decrypt it with the last 2 lines from the code.


You can pass whatever data is needed at runtime through global variables, regardless of where such are stored, no need to store them with the project, encrypted or not.

Have you ever read the docs? E.g.: Command Syntax (Command-line/Console Mode Execution) | Katalon Docs

note:

-g_<variable_name>

Override Execution Profile variables.

Example: -g_userName="admin"

If the above does not suit your needs, you can set them as environment variables and retrieve them from your code with System.getenv()

How to retrieve them from local or external storage … is up to you, we don’t know what you use as a vault and as CI for execution. Use your imagination (aka read the corresponding docs).
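
An added example, not code from the thread or from Katalon: a test-case script that resolves the key at runtime from the sources discussed above (environment variable, `-g_` profile override, or an Encrypt Text value decoded with the `CryptoUtil` calls quoted earlier) and passes the clear-text value to the request object's `Key` variable. The names `API_KEY`, `apiKey`, `apiKeyEncrypted` and `GetStatus` are assumptions.

```groovy
import static com.kms.katalon.core.testobject.ObjectRepository.findTestObject

import com.kms.katalon.core.util.KeywordUtil
import com.kms.katalon.core.webservice.keyword.WSBuiltInKeywords as WS
import com.kms.katalon.util.CryptoUtil
import internal.GlobalVariable

// Assumed names, not from the thread: environment variable API_KEY, profile
// variables apiKey and apiKeyEncrypted (both defined, may be empty), and a
// request object 'GetStatus' whose HTTP header value is ${Key}.

/** Returns [source, key], or null when no source supplies a key. */
List<String> resolveApiKey() {
    // 1. Injected by the CI credential store or vault agent at launch.
    String fromEnv = System.getenv('API_KEY')
    if (fromEnv?.trim()) {
        return ['environment', fromEnv.trim()]
    }
    // 2. Profile variable, left empty in the project and supplied at launch
    //    with -g_apiKey="...". Command-line values can show up in process
    //    listings and build logs, so the environment is tried first.
    String fromProfile = GlobalVariable.apiKey as String
    if (fromProfile?.trim()) {
        return ['profile override', fromProfile.trim()]
    }
    // 3. Output of Help > Encrypt Text. The request object does not decode
    //    it; the script must. decode() needs no secret from the user, so
    //    this only hides the value from casual view.
    String encoded = GlobalVariable.apiKeyEncrypted as String
    if (encoded?.trim()) {
        return ['encrypted profile value',
                CryptoUtil.decode(CryptoUtil.getDefault(encoded.trim()))]
    }
    return null
}

List<String> resolved = resolveApiKey()
if (resolved == null) {
    // Fail closed instead of sending a request with an empty header.
    KeywordUtil.markFailedAndStop('No API key via API_KEY, -g_apiKey or apiKeyEncrypted')
}
// Log where the key came from, never the key itself.
KeywordUtil.logInfo("API key loaded from ${resolved[0]}")

// Pass the clear-text key as the object's "Key" variable for this call only.
def response = WS.sendRequest(findTestObject('GetStatus', [('Key') : resolved[1]]))
WS.verifyResponseStatusCode(response, 200)
```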