cancel
Showing results for 
Search instead for 
Did you mean: 

SoapUI project keystore password security?

SOLVED
Highlighted
Occasional Contributor

SoapUI project keystore password security?

Hi,

 

I have a project where I need to sign my requests using a keystore. For this I need to add a keystore to my project and also enter the password for it.

 

This means that when I save the project to source control, that password gets saved along with it.

 

I tried a few things to avoid this:

* global SSL keystore: can't seem to use this for signatures

* save the password in the global preferences (so it stays on my machine) and use a reference to read it: this works for a lot of other (password) fields, but not this one

* encrypting the entire project: this makes source control fairly useless

* encrypting just selected properties: doesn't work for this password field and I can't put it in a property either because the password field doesn't work with references

 

Any other ways I could do what I want? So either encrypt/hide the password in WSS Config - Keystores, or, in Outgoing WS-Security Configurations - [my configuration] - Signature, select a keystore that doesn't have to be set in my project?

 

Best regards,

 

Kris

1 ACCEPTED SOLUTION

Accepted Solutions
Occasional Contributor

Re: SoapUI project keystore password security?

Oops, just found a solution myself:

 

When I add a keystore for the project, it's not necessary to enter the password there. I can enter a password in the properties for the WSS signature, and there I can use a reference.

 

(I guess it could still be a good idea to allow references in the password field for the project keystores.)

 

Best regards,

 

Kris

1 REPLY 1
Occasional Contributor

Re: SoapUI project keystore password security?

Oops, just found a solution myself:

 

When I add a keystore for the project, it's not necessary to enter the password there. I can enter a password in the properties for the WSS signature, and there I can use a reference.

 

(I guess it could still be a good idea to allow references in the password field for the project keystores.)

 

Best regards,

 

Kris

New Here?
Join us and watch the welcome video:
API Testing Mistake #2
APITestingMistake#2