Storing Sensitive Data

    Do NOT store any sensitive data in files that others can access.

    What counts as sensitive data:

    • password

    • token

    • secret

    • e-mail address

    • xray client id

    • xray client secret

    • API key

    • personal uuid

    Sensitive data should come from a vault/password manager. Here are some examples.

    Jenkins

    Read this first: https://www.jenkins.io/doc/book/using/using-credentials/ , https://www.jenkins.io/doc/pipeline/steps/credentials-binding/

    1. Create the credentials in Jenkins

    2. Add your credential to the Jenkinsfile using the IDE of your choice

      string(credentialsId: 'credentialIdSetinJenkinsCredentials', variable: 'variableNameYouWantToUse'),

    3. Use the environment variable in the Maven command
      Please read: https://www.jenkins.io/doc/book/pipeline/jenkinsfile/#string-interpolation
      Keep the sh command in single quotes so that the shell, not Groovy, expands the variable.

      sh 'mvn ... -DenvironmentVariableUsedInTheTest=${variableNameYouWantToUse} ...'

    GitHub Actions

    Read this first: https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions

    1. Create the secrets in GitHub

    2. Add your secrets as environment variables in your workflow file using the IDE of your choice
      Workflow files must be under the .github/workflows folder

      env:
        user: ${{secrets.Q_USER}}
        pass: ${{secrets.Q_PASSWORD}}

    3. Use the environment variable in the Maven command

      - name: xyz
        shell: cmd
        run: |
          ... -DenvironmentVariableUsedInTheTest=%user% -DserverPassword="%pass%" ...

    External Systems

    KeePass

    Read this first: https://keepass.info/

    TESTIFI also has KeePass integration to read credentials from a KeePass file.
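
A check for the rule at the top of this page, added here as an example (it is not part of the original page or of TESTIFI): it flags sensitive keys that are assigned a literal value and accepts run-time references such as the Jenkins, GitHub Actions and cmd forms shown above. The key patterns, the function name find_hardcoded_secrets and the sample lines are assumptions constructed for illustration.

```python
import re

# Key names taken from this page's list of sensitive data. The exact patterns
# are assumptions and deliberately broad (expect some false positives).
SENSITIVE_KEY = re.compile(
    r"pass(word|wd)?|token|secret|api[._-]?key|client[._-]?id|e-?mail|uuid",
    re.IGNORECASE,
)
# key=value, key: value and -Dkey=value; the value may be quoted.
ASSIGNMENT = re.compile(
    r"""(?P<key>[\w.\-]+)\s*[:=]\s*(?P<value>\$\{\{.*?\}\}|"[^"]*"|'[^']*'|\S+)"""
)
# References resolved at run time: ${{ secrets.X }}, ${VAR}, $VAR, %VAR%.
REFERENCE = re.compile(r"\$\{\{.*\}\}|\$\{?\w+\}?|%\w+%")

# Constructed sample input (no real credentials).
SAMPLE = """\
db.password=Sup3rS3cret!
api_key: "abcd1234abcd1234"
pass: ${{ secrets.Q_PASSWORD }}
mvn test -DserverPassword="%pass%" -Dxray.client.secret=${XRAY_SECRET}
xray.client.id = hardcoded-client-id
timeout=30
token:
"""


def find_hardcoded_secrets(text):
    """Return (line_number, key) for each sensitive key set to a literal value."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in ASSIGNMENT.finditer(line):
            key = match.group("key")
            value = match.group("value").strip("\"'")
            if not value or not SENSITIVE_KEY.search(key):
                continue
            if REFERENCE.fullmatch(value):
                continue  # injected from a credential store or environment
            # Report the key only, so the scan output never repeats the secret.
            findings.append((lineno, key))
    return findings


if __name__ == "__main__":
    for lineno, key in find_hardcoded_secrets(SAMPLE):
        print(f"line {lineno}: literal value assigned to '{key}'")
```

Run it over files before they are committed or shared; a finding means the value should move to the credential store and be replaced by a reference.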

     

     
