Avoid exfiltrating OAuth Credentials in Git Repository

SOLVED
morehendrix
Occasional Visitor

Hi,

I am using ReadyAPI to test an OAuth2.0 secured API. I am using a Composite project with Git integration and I do not see how I could make use of Auth Manager without exfiltrating my OAuth credentials into Git in plaintext, as part of the settings.xml file, within con:oAuth2ProfileContainer and con:oAuth20AuthEntry.

I tried using client-id and client-secret as encrypted properties, but as soon as the groovy script sets them in the profile, they appear in clear text in the settings.xml file.


1 ACCEPTED SOLUTION

WesleyN
Staff

Re: Avoid exfiltrating OAuth Credentials in Git Repository

Hello,

This should be possible by utilizing Encrypted Properties and Property Expansions.

Specify the needed credentials as encrypted project properties.

https://support.smartbear.com/readyapi/docs/testing/best-practices/secure.html#encrypt-individual-pr...

Then in the Auth Manager create your OAuth2.0 profile.

When specifying the profile parameters use property expansions to point to your defined project properties:

https://support.smartbear.com/readyapi/docs/testing/properties/expansion.html

The settings.xml file should then contain the property expansion syntax rather than the value.

If this is still not what you are looking for, please follow up.
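
One way to check the outcome described in the accepted answer before committing, as an added example that is not part of the original thread or SmartBear's own code: a script that parses settings.xml and reports any con:oAuth20AuthEntry field holding a literal value instead of a property expansion. The child element names (name, clientID, clientSecret, accessToken, refreshToken), the wrapper element and the namespace URI in the sample are assumptions; compare them with your own settings.xml.

```python
import re
import xml.etree.ElementTree as ET

# Assumed names of secret-bearing child elements; adjust to match your settings.xml.
SENSITIVE = {"clientID", "clientSecret", "accessToken", "refreshToken"}
# A value made up only of property expansions, e.g. ${#Project#clientSecret}
EXPANSION_ONLY = re.compile(r"^(\$\{[^{}]+\})+$")

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def find_plaintext_oauth(xml_text):
    """Return (profile name, field) pairs whose value is a literal, not an expansion."""
    findings = []
    root = ET.fromstring(xml_text)
    for entry in root.iter():
        if local(entry.tag) != "oAuth20AuthEntry":
            continue
        name = next((c.text for c in entry if local(c.tag) == "name"), "?")
        for child in entry:
            value = (child.text or "").strip()
            if local(child.tag) in SENSITIVE and value and not EXPANSION_ONLY.match(value):
                findings.append((name, local(child.tag)))
    return findings

# Constructed sample, not a real export: one profile with literals, one with expansions.
SAMPLE = """<con:soapui-project xmlns:con="http://eviware.com/soapui/config">
 <con:oAuth2ProfileContainer>
  <con:oAuth20AuthEntry>
   <con:name>leaky</con:name>
   <con:clientID>example-client</con:clientID>
   <con:clientSecret>EXAMPLE-NOT-A-REAL-SECRET</con:clientSecret>
  </con:oAuth20AuthEntry>
  <con:oAuth20AuthEntry>
   <con:name>safe</con:name>
   <con:clientID>${#Project#clientId}</con:clientID>
   <con:clientSecret>${#Project#clientSecret}</con:clientSecret>
  </con:oAuth20AuthEntry>
 </con:oAuth2ProfileContainer>
</con:soapui-project>"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    hits = find_plaintext_oauth(text)
    for profile, field in hits:
        print(f"plaintext {field} in OAuth profile '{profile}'")
    sys.exit(1 if hits else 0)
```

Run with the path to settings.xml as the only argument from a Git pre-commit hook; a non-zero exit status blocks the commit.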

 

3 REPLIES
sonya_m
Community Manager

Re: Avoid exfiltrating OAuth Credentials in Git Repository

Thanks for your question!

@HimanshuTayal @PrathapR @richie @ChrisA, any thoughts on this? 🙂


Sonya Mihaljova
Community and Education Specialist

richie
Community Hero

Re: Avoid exfiltrating OAuth Credentials in Git Repository

Hey @sonya_m

I think @HimanshuTayal answered a similar question a while back... could be wrong, but I think it was Himanshu.

@nmrao definitely answered this, but he's disappeared! 😔

ta,

rich

if this helped answer the post, could you please mark it as 'solved'? Also if you consider whether the title of your post is relevant? Perhaps if the post is solved, it might make sense to update the Subject header field of the post to something more descriptive? This will help people when searching for problems. Ta