cancel
Showing results for 
Search instead for 
Did you mean: 

Need ability to hide (encrypt) Username/Password in Custom Properties

0 Kudos

Need ability to hide (encrypt) Username/Password in Custom Properties

In custom properties at project level I observed that when I provide the value for the Password as a variable, it shows as hidden (****)

However when I run the request using the variable I could clearly see the password value in the RAW Request.

This sometimes makes me feel hesitant when I am wrapping the project and sending it to someone else to run it or creating regression which everyone can see.

 

I expect that if user intetionally pick to encrypt or hide the password, it should not be visible anywhere. Not even from the raw request.

 

Let me know what you think or if there is any better way to hide it.

2 Comments
kondasamy
Regular Contributor

Hi,

 

In your scenario, I feel the behavior of raw request (I could clearly see the password value in the RAW Request) is an acceptable and expected one! The raw request is the non formated actual request sent to the server from SoapUI, which serves mutliple purpose as in tracking the request, debugging the service behavior etc., You could better remove the credentials an share to your peers if needed; in case if the credentials are much confidential.

 

Also, we might not worry about this option if we are passing the service requests with Sessions/ Authentication tokens, instead of passing passwords directly. Finally to answer your question I don't think there is a feature in SoapUI to hide passwords everywhere - even in raw request; though if we try tweaking through event handlers. Please correct if you have any such options!

 

Thanks,

Samy

testhrishi
Frequent Contributor

Ok, in my case and I am sure in lot of other cases, one needs to provide password in soap header where it becomes visible. By having it as custom property makes it easy to maintain for entire project. When we create a variable with name as PASSWORD the soapUI kind of creates false impression by showing it with "*****" and double clicks makes it visible there.

Are there other best practices handling this type of scenario?

Also is there a feature to may be hide the Raw section (may be I am getting into permissions/authorization here)

Sometimes password management is challing, specially when you need different users with different authorizations and you want to build something for production and say may be share with customer or something outside the company

Announcements
Welcome to the SoapUI Feature Requests board!

Here you can review submitted feature requests and vote up the ones you like! If you can't find the feature you want - go ahead and suggest your own idea. Ideas with the highest rating can be implemented in the product.

Check out the Create a Feature Request guide for more information.
New Here?
Join us and watch the welcome video:
Announcements
Labels