SoapUI project keystore password security?
I have a project where I need to sign my requests using a keystore. For this I need to add a keystore to my project and also enter the password for it.
This means that when I save the project to source control, that password gets saved along with it.
I tried a few things to avoid this:
* global SSL keystore: can't seem to use this for signatures
* save the password in the global preferences (so it stays on my machine) and use a reference to read it: this works for a lot of other (password) fields, but not this one
* encrypting the entire project: this makes source control fairly useless
* encrypting just selected properties: doesn't work for this password field and I can't put it in a property either because the password field doesn't work with references
Any other ways I could do what I want? So either encrypt/hide the password in WSS Config - Keystores, or, in Outgoing WS-Security Configurations - [my configuration] - Signature, select a keystore that doesn't have to be set in my project?
Oops, just found a solution myself:
When I add a keystore for the project, it's not necessary to enter the password there. I can enter a password in the properties for the WSS signature, and there I can use a reference.
(I guess it could still be a good idea to allow references in the password field for the project keystores.)