Forum Discussion

KrisVH's avatar
KrisVH
Occasional Contributor
6 years ago

SoapUI project keystore password security?

Hi,

 

I have a project where I need to sign my requests using a keystore. For this I need to add a keystore to my project and also enter the password for it.

 

This means that when I save the project to source control, that password gets saved along with it.

 

I tried a few things to avoid this:

* global SSL keystore: can't seem to use this for signatures

* save the password in the global preferences (so it stays on my machine) and use a reference to read it: this works for a lot of other (password) fields, but not this one

* encrypting the entire project: this makes source control fairly useless

* encrypting just selected properties: doesn't work for this password field and I can't put it in a property either because the password field doesn't work with references

 

Any other ways I could do what I want? So either encrypt/hide the password in WSS Config - Keystores, or, in Outgoing WS-Security Configurations - [my configuration] - Signature, select a keystore that doesn't have to be set in my project?

 

Best regards,

 

Kris

  • Oops, just found a solution myself:

     

    When I add a keystore for the project, it's not necessary to enter the password there. I can enter a password in the properties for the WSS signature, and there I can use a reference.

     

    (I guess it could still be a good idea to allow references in the password field for the project keystores.)

     

    Best regards,

     

    Kris

  • KrisVH's avatar
    KrisVH
    Occasional Contributor

    Oops, just found a solution myself:

     

    When I add a keystore for the project, it's not necessary to enter the password there. I can enter a password in the properties for the WSS signature, and there I can use a reference.

     

    (I guess it could still be a good idea to allow references in the password field for the project keystores.)

     

    Best regards,

     

    Kris