I created a Katalon API/Web Services project and needed to encode a security “Key”. I created a test object and under the “HTTP Header” added the Name/Value combination for the attributes. The Value was hard coded. I then ran the code and it produced the expected results.
I then created a Test Case calling the Object and a Test Suite that runs everything. And again, everything ran fine.
Now, I used the Katalon Help>Encrypt Text to encode the “Key”. I added this information to a Global Variable under Profiles>Default. When I went to the object and under “Variables” created a variable for the “Key”, Katalon found the global variable. When I ran the Test Suite, it failed. I think it saw the encoded variable as a raw string.
So, how do I get the object to recognize the variable as an encoded string?
@em817m, I apologize for writing in your topic w/o having any solution. I’m just wondering is it the right approach to have an encrypted security key stored in Katalon Project? Whatever is encrypted can be decrypted. Wouldn’t it be safer to store a security key in some environment variable?
But wouldn’t a Windows “Environment Variable” be non-encrypted? And if I would store the security key as an encrypted variable, I would still need to unencrypt it in Katalon - right? And that’s what I’m having a problem with.
Thanks, @bionel . Sounds like a plan (the only little devil in the details is how, the hell, to do it))
To be precise, how exactly to store sensitive data both locally and, for example, in the (external) Jenkins and to be able to pass them (the word ‘data’ is plural) at runtime to Katalon while running either locally or, for example, in the (external) Jenkins?
This is a matter of trust. You can store them in Jenkins vault as global credentials, provided you trust all Jenkins users, or under a protected group.
We are not here to perform security scanning on your infrastructure, we only advise.
For the rest, read the relevant docs.
@gdearest07 we have different understandings of what environment means and the scope of certain tools.
For me, environment means a shell session used to run the tests with KRE, either local or with a CI tool, e.g. Jenkins.
Such is volatile, the environment will exist only as long as the shell is running.
For you, environment means global Windows environment. Such is permanent so it is not OK … well, it depends also on who may have access to your machine / account.
As for KSE … I will use it only for developing tests, but the final execution will be however done in CI.
So, I can simply store the credentials in a profile used only by me, since only I have access to my development machine. I don’t need to override it, I will do that only when running it with KRE.
Of course, take care not to accidentally commit your profile to the shared repo you may use, but an entry in .gitignore should work.
For the rest … you already have some solutions, either store the credentials in the CI vault, or use whatever third-party tool. E.g. LastPass has a CLI client, can be used to retrieve whatever credentials by a pre-run script and inject them into the execution environment (as globals or custom variables).
Of course … you will have to deal with how to store the master key to access your vault if using a third party solution … so yet again it is a matter of trust between you and other people using the resources.
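One way to do the pre-run injection described above, as an added example that is not part of any post in this thread: a POSIX shell wrapper that takes the secret on stdin (from whatever vault CLI you use) and exposes it to a single child process only. The variable name `API_KEY`, the function name `run_with_secret` and the assumption that the test script reads the value with `System.getenv("API_KEY")` are all hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. run_with_secret and API_KEY are
# made-up names; how the vault CLI is invoked is left to the caller, e.g.
#   <your vault CLI> | run_with_secret API_KEY <your KRE command line>

# run_with_secret VAR command [args...]
# Reads one line (the secret) from stdin and runs the command with VAR set
# in that command's environment only.
run_with_secret() {
    rws_name=${1-}
    [ "$#" -ge 2 ] || { echo "usage: run_with_secret VAR command [args...]" >&2; return 2; }
    shift

    # Only plain identifiers are accepted as variable names.
    case $rws_name in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "bad variable name" >&2; return 2 ;;
    esac

    # Fail closed when the vault returned nothing.
    rws_secret=
    IFS= read -r rws_secret || [ -n "$rws_secret" ] || true
    if [ -z "$rws_secret" ]; then
        echo "no secret on stdin" >&2
        return 3
    fi

    # export is a shell builtin, so the value never appears on a command
    # line (unlike -g_name="value" arguments, which are visible in process
    # listings). The subshell keeps the variable out of the calling shell,
    # so it disappears as soon as the child exits.
    rws_rc=0
    ( export "$rws_name=$rws_secret"; exec "$@" ) || rws_rc=$?

    unset rws_secret rws_name
    return "$rws_rc"
}
```

The wrapper returns the child's exit status, so a CI job still fails when the test run fails.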
On Jenkins with Katalon plugin it works only if you really put something like -g_userName="admin" BUT IT’S NOT OVERRIDING the Execution Profile variable if you try to get its value from a Jenkins secret text like this