API/Web Service Encoded Variables

But wouldn’t a Windows “Environment Variable” be non-encrypted? And if I would store the security key as an encrypted variable, I would still need to unencrypt it in Katalon - right? And that’s what I’m having a problem with.

how would you like to tell Katalon to decode it, prior to using it?

you gave yourself the answer, using environment variable is not safe.
use an external vault to store sensitive data and pass such only at runtime to katalon

Thanks, @bionel . Sounds like a plan (the only little devil in the details is how, the hell, to do it))

To be precise, how exactly to store sensitive data both locally and, for example, in the (external) Jenkins and to be able to pass them (the word ‘data’ is plural) at runtime to Katalon while running either locally or, for example, in the (external) Jenkins?

this is a matter of trust. you can store them in jenkins vault as global credentials, provided you trust all jenkins users, or under a protected group.
we are not here to perform security scanning on your infrastructure, we only advise
for the rest, read the relevant docs

Sure. I was just asking how to pass the sensitive data at runtime to Katalon from local and external storage so it can be used by the same script code

Yes, this is what I was after from the beginning - sort of. First, how do I pass this data and second, if I encode it, how do I get Katalon to decode it in the script…

I found this code snippet that seems to answer my original question:

import com.kms.katalon.util.CryptoUtil
def originalText = 'mypassword'
println("Original text: ${originalText}")
def encryptedText = CryptoUtil.encode(CryptoUtil.getDefault(originalText))
println("Encrypted text: ${encryptedText}")
def decryptedText = (CryptoUtil.decode(CryptoUtil.getDefault(encryptedText)))
println("Decrypted text: ${decryptedText}")

Not a perfect solution, but using the Katalon>Help>Encrypt Text feature, I can create an encoded variable and then decrypt it with the last 2 lines from the code.

1 Like

you can pass whatever data needed at runtime through global variables, regardless where such are stored, no need to store them with the project, encrypted or not

have you ever read the docs? e.g: Command Syntax (Command-line/Console Mode Execution) | Katalon Docs

note:

-g_<variable_name>

Override Execution Profile variables.

Example: -g_userName="admin"

if the above does not suit your needs, you can set them as environment variables and retrieve them from your code with System.getenv()

how to retrieve them from local or external storage … is up to you, we don’t know what you use as a vault and as CI for execution. use your imagination (aka read the corresponding docs)

Thanks, @bionel . A couple of questions:
1)

but you wrote:

?

This can be done in Command-line/Console Mode Execution. What if you just want to run a test in Katalon Studio?

@gdearest07 we have different understandings of what environment means and the scope of certain tools.
for me, environment means a shell session used to run the tests with KRE, either local or with a CI tool, e.g jenkins.
such is volatile, the environment will exist only as long as the shell is running.
for you, environment means global windows environment. such is permanent so it is not OK … well, it depends also on who may have access to your machine / account.

As for KSE … I will use it only for developing tests, but the final execution will be however done in CI.
So, I can simply store the credentials in a profile used only by me, since only I have access to my development machine. I don’t need to override it, I will do that only when running it with KRE.
Of course, take care not to accidentally commit your profile to the shared repo you may use, but an entry in .gitignore should work

For the rest … you already have some solutions, either store the credentials in the CI vault, or use whatever third-party tool. E.g. lastpass has a cli client, which can be used to retrieve whatever credentials by a pre-run script and inject them into the execution environment (as globals or custom variables).
of course … you will have to deal with how to store the master key to access your vault if using a third party solution … so yet again it is a matter of trust between you and other people using the resources.

2 Likes
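
The pre-run injection into a volatile, per-run environment described in the post above, as an added example that is not part of the original thread. `fetch_secret`, `DEMO_API_KEY` and the sample value are hypothetical placeholders for your own vault CLI and variable name.

```shell
#!/bin/sh
# Added example: hand a secret to one test run without storing it in the
# project, the permanent user/system environment, or the command line.

# Hypothetical stand-in for a vault or CI credential lookup. Replace the body
# with your vault's CLI call; the value below is a constructed sample.
fetch_secret() {
    case "$1" in
        api_key) printf '%s' 'constructed-sample-key-123' ;;
        *) return 1 ;;
    esac
}

# run_with_secret VAR SECRET_ID CMD [ARGS...]
# Runs CMD with VAR set only in that child's environment. The lookup and the
# export happen inside a subshell, so the calling shell never holds the value
# and it is not passed as a command-line argument.
run_with_secret() {
    var_name=$1
    secret_id=$2
    shift 2
    case "$var_name" in
        '' | [0-9]* | *[!A-Za-z0-9_]*)
            echo "invalid variable name: $var_name" >&2
            return 2 ;;
    esac
    (
        value=$(fetch_secret "$secret_id") && [ -n "$value" ] || {
            echo "secret '$secret_id' is unavailable" >&2
            exit 3
        }
        export "$var_name=$value"
        exec "$@"
    )
}

# Demo with a stand-in child process. In practice the child is the Katalon
# console-mode command, and the test script reads the value with
# System.getenv("DEMO_API_KEY") (variable name is hypothetical).
run_with_secret DEMO_API_KEY api_key \
    sh -c 'echo "child sees DEMO_API_KEY: ${DEMO_API_KEY:+yes}"'
echo "parent sees DEMO_API_KEY: ${DEMO_API_KEY:-no}"
```

A missing secret stops the run with a non-zero status instead of starting the tests with an empty credential.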

@bionel , just FYI:

It looks like there is another issue with Katalon Plugin in Jenkins which makes it impossible to follow your advice.

As per Command Syntax (Command-line/Console Mode Execution) | Katalon Docs

On Jenkins with Katalon plugin it works only if you really put something like -g_userName="admin" BUT IT’S NOT OVERRIDING the Execution Profile variable if you try to get its value from a Jenkins’s secret text like this

Please note that -apikey=%apikey% works ( $apikey should be used on Linux)

i really don't care about the jenkins plugin and i will never use such.
there are more sane ways to run katalon on jenkins (or any other CI)

Certainly. And there are more sane ways to test than using Katalon, whose developers don’t seem to be able even to understand what’s wrong with the Katalon plugin recommended by Katalon.

@gdearest07 side note, currently the katalon jenkins plugin is blacklisted by jenkins development team due to various licencing / vulnerabilities issues.
google about…

1 Like

@bionel, thanks for letting me know. Another reason to consider switching from Katalon to another tool. Currently, we are looking into Cypress as a potential replacement because of all these issues that Katalon doesn’t seem to care about at all.

i don’t think the lack of this plugin is a major reason to switch to a new tool, i already provided alternate solutions…
anyway, if you intend to switch, give up on ‘already made’ solutions
with a bit of effort, in about one month you can create your own stable collection of frameworks, e.g.

  • groovy + spock for db and api testing, with a flavour of geb for web testing
  • pytest with a plethora of libs available
  • or robot framework if python is a choice but need a lazy approach, although pytest + selenium just works
  • playwright for a native js/typescript approach but having also python and java wrappers

… or any other preferred language

putting them cleverly together, you will be in full control

1 Like

Thank you, @bionel . It’s not just about the problems with that plugin. It’s about losing confidence in Katalon developers’ ability even to understand the problem. After I specifically explained that -g_userName="admin" works BUT IT’S NOT OVERRIDING the Execution Profile variable if you try to get its value from a Jenkins’ secret, their “solution” was "to change the global variable by the desired scenario tags during runtime, use the following command syntax -g_XXX, for example, -g_userName="admin"".

well… this is up to you.
honestly speaking, i am no longer an active katalon user since long time ago.
i found my path.
but i am still here for fun and to guide beginners… simply because i was in such shoes, so katalon community deserves my contribution (except few members, i will not name them)
for the rest, it is only a matter on how do you choose to develop further and evolve.

1 Like