Forum Discussion

emoya's avatar
emoya
New Contributor
7 months ago

Encrypt passwords and master password?

Hi,

I have two worrys about security

1. I see passwords from soap and rest requests are saved in plane text at the project.xml file. Is there a way to encrypt them? Any hacker who gains access to our lan could see those passwords....

2. A master password at soaup ui start up would be great also, like winscp and dbvisualizer tools do.

Thanks!

  • Humashankar's avatar
    Humashankar
    7 months ago

    Hi emoya 

    SoapUI Open Source doesn't offer a built-in master password function like WinSCP - kindly try the below given other possibilities:

    Ø  Project Encryption wise SoapUI allows encrypting the entire project file.

    Go to File > Project > Encrypt Project. This adds a layer of security, but requires the password whenever you access the project.

    Ø  Consider dedicated password management tools like KeePass or LastPass. Store your SoapUI credentials securely in these tools and access them during test execution using scripts or integrations all satisfy the Separate Credential Storage mechanism.

    Best regards.

  • Humashankar's avatar
    Humashankar
    Champion Level 3
    7 months ago

    Hi emoya 

    SoapUI does not directly encrypt passwords within the project.xml file.

    Ø  Use Global Properties Create an external file (e.g., credentials.properties) to store your passwords.

    Ø  In SoapUI, go to TestSuite > Properties.

    Ø  Define properties like myProject.username and myProject.password with the actual values in the external file.

    Ø  In your WS-Security configuration, use ${myProject.username} and ${myProject.password} for username and password fields.

    Ø  SoapUI will replace these references with the actual values during execution all set of Use Global Properties.

    Ø  Define environment variables on your system containing username and password values. (e.g., MYPROJECT_USERNAME and MYPROJECT_PASSWORD)

    Ø  In SoapUI properties (similar to the previous method), use ${env.MYPROJECT_USERNAME} and ${env.MYPROJECT_PASSWORD} to reference the environment variables.

    All these are Encrypting Passwords and terms for your knowledge.

    Hope this helps - Happy to help further!!
    Thank you very much and have a great one!
    Warm regards

  • Humashankar's avatar
    Humashankar
    Champion Level 3
    7 months ago

    Hi emoya 

    SoapUI Open Source doesn't offer a built-in master password function like WinSCP - kindly try the below given other possibilities:

    Ø  Project Encryption wise SoapUI allows encrypting the entire project file.

    Go to File > Project > Encrypt Project. This adds a layer of security, but requires the password whenever you access the project.

    Ø  Consider dedicated password management tools like KeePass or LastPass. Store your SoapUI credentials securely in these tools and access them during test execution using scripts or integrations all satisfy the Separate Credential Storage mechanism.

    Best regards.

    • emoya's avatar
      emoya
      New Contributor
      7 months ago

      Hi Humashankar,

      I tried project encryption and it works perfectly!

      The only enhance that will be fantastic it's that now soap-ui ask the password for every project at startup, even if the project is CLOSED. Will be great if it only asks the password for OPENED projects at startup

      Thanks!

      • Humashankar's avatar
        Humashankar
        Champion Level 3
        7 months ago

        Hi emoya - Great you benefited out of the inputs - to add a point on the above one -- 

        SoapUI Open Source doesn't differentiate between open and closed projects when requiring passwords for encrypted projects.

        While project encryption adds a layer of security, it can be heavy for frequent use with multiple projects.

        Regards