Forum Discussion

barto's avatar
barto
New Contributor
2 years ago

How are you securing secrets for storing your projects in github?

We're trying to migrate our ReadyAPI suites into github and I'm getting a little stuck with ReadyAPI's documentation on how to encrypt passwords we use to test our application, I'm hoping someone has...
  • KarelHusa's avatar
    2 years ago

    barto,

    in the case of encrypted properties, you can set up a project-level property (e.g., MyAppSecret) and then use it in the Auth manager as well:

     

    ${#Project#MyAppSecret}

    The property is used in Auth manager requests and masked in the logs, at least in the logs I tried.

     

    Moreover, you can override the propery value from the command line, e.g., when you execute the test from the pipeline. So, for some environments you can include the secret and inject in the pipeline for others.

     

    Though, if the secret fields from Auth manager would be treated as sensitive and encrypted by default we wouldn't need this. You can raise a feature request for this.