Forum Discussion

Occasional Visitor

4 years ago

Avoid exfiltering OAuth Credentials in Git Repository

Hi,

I am using ReadyAPI to test an OAuth2.0 secured API. I am using a Composite project with Git integration and I do not see how could I make use of Auth Manager without exfiltering my OAuth credentials into Git in plaintext, as part of the settings.xml file, within con:oAuth2ProfileContainer and con:oAuth20AuthEntry

I tried using client-id and client-secret as encrypted properties, but as soon as the groovy script sets them in the profile, they appear in clear text in the settings.xml file.

Encryption

Oauth

Security

WesleyN
4 years ago
Hello,

This should be possible by utilizing Encrypted Properties and Property Expansions.

Specify the needed credentials as encrypted project properties.

https://support.smartbear.com/readyapi/docs/testing/best-practices/secure.html#encrypt-individual-properties

Then in the Auth Manager create your OAuth2.0 profile.

When specifying the profile parameters use property expansions to point to your defined project properties:

https://support.smartbear.com/readyapi/docs/testing/properties/expansion.html

The settings.xml file should then contain the property expansion syntax rather than the value.

If this is still not what you are looking for please follow up.

sonya_m
SmartBear Alumni (Retired)
4 years ago
Thanks for your question!

HimanshuTayal PrathapR richie ChrisA , any thoughts on this?🙂
- richie
  Community Hero
  4 years ago
  hey sonya_m
  
  I think HimanshuTayal answered a similar question a while back....could be wrong, but i think it was Himanshu.
  
  nmrao definitely answered this, but he's disappeared! 😔
  
  ta,
  
  rich
WesleyN
Staff
4 years ago
Hello,

This should be possible by utilizing Encrypted Properties and Property Expansions.

Specify the needed credentials as encrypted project properties.

https://support.smartbear.com/readyapi/docs/testing/best-practices/secure.html#encrypt-individual-properties

Then in the Auth Manager create your OAuth2.0 profile.

When specifying the profile parameters use property expansions to point to your defined project properties:

https://support.smartbear.com/readyapi/docs/testing/properties/expansion.html

The settings.xml file should then contain the property expansion syntax rather than the value.

If this is still not what you are looking for please follow up.

Recent Discussions

Groovy script to access network domain name
14 hours ago
AlleynConway
ReadyAPI Docker Image COMMAND_LINE -I option is being ignored
3 days ago
LarrySteele
AMQP - Cannot connect to ActiveMQ with AMQP Plugin
Solved
5 days ago
andreaszilly
more screen real estate by moving the Testcase progress bar
7 days ago
Awesome
JSON Schema Compliance URL
10 days ago
jrziggy

Forum Discussion

Avoid exfiltering OAuth Credentials in Git Repository

Related Content

OAuth2.0 Client Credentials Parameters

Can I put multiple project in one Git repository?

Virtual users with individual credentials.

Dynamically Set client credentials

Change Smartbear Login credentials?

Recent Discussions

Groovy script to access network domain name

ReadyAPI Docker Image COMMAND_LINE -I option is being ignored

AMQP - Cannot connect to ActiveMQ with AMQP Plugin

more screen real estate by moving the Testcase progress bar

JSON Schema Compliance URL