Managing Test Credential

Overview:

Credentials are critical data used during testing. They are crucial not only for the test outcomes but also demand high levels of security and confidentiality. The Testany Platform's Testany Secrets Service (TSS) ensures end-to-end protection of credentials throughout the testing process, preventing their leakage during storage, retrieval, and execution.

Understanding Testany Secrets Service

TSS definition (aka TSS): Testany Secrets Service is a specialized service designed to fetch secrets from Trusted Certificate Safes, such as Azure Key Vault and AWS Secrets Manager. It facilitates secure retrieval of sensitive information like keys and certificates, ensuring data security and compliance with industry standards. The service operates by receiving requests to extract specific secrets identified by keys and responds with the requested data, thus playing a crucial role in secure information management.

In the Testany Platform design, TSS is integrated with the Test Execution Runtime module in a one-to-many relationship. The management of test credentials varies depending on the deployment method of the runtime, whether it is Testany Managed Cloud or Self-Managed Cloud.

If you have some secure data like credentials which need to be used in your test case, you can use Testany Secrets Service to enable tests retrieve credential/secure data via Credential Safe during execution.

Manage Credential Safe

ℹ️

This document is intended primarily for Workspace Admins responsible for managing test credentials. Other roles may also find it useful for reference.

Understanding the concept of "Credential Safe"

In the design of the Testany Platform, all credentials used in testing themselves must and can only be stored in a safety place provided by third-party services that comply with all relevant information security laws and regulations. These third-party services could be IaaS or SaaS providers.

Currently, the Credential Store integrated with Testany Secrets Service include:

  • AWS Secrets Manager
  • Azure Key Vault

To ensure that running test programs can securely and automatically read credentials stored in third-party credential stores during automated test execution, and to prevent credential leakage throughout the entire test lifecycle, test case authors should reference these credentials through Secret rows under Environment variables. For the end-user workflow, see Managing Test Case and Protect the credentials used in testing.

Thus, a "Credential Safe" is a virtual object representing a third-party credential store on Testany Platform, and a "Credential" is also a virtual object representing the credentials stored in that credential store.

Create Credential Safe

Before you start...

  1. Ensure you have Admin privileges for the Workspace where you need to create the Credential Safe.
  2. Create access permissions for TSS to access the third-party Credential Store corresponding to the Credential Safe that will be created (either via username and password or IAM method).

Step-by-Step Guide

Click Workspace settings

image-20240229-102643.png

Navigate to Credential tab and select the Runtime that needs to be associated with the Credential Safe to be created

image-20240621-060023.png

click "Add credential safe" button

image-20240621-060218.png

  • If the Runtime you've selected is "CloudPrime-Default"

Provide related information then click "Submit" button

image-20240229-104427.png

  • If the Runtime you selected is NOT "CloudPrime-Default"

You'll be asked to provide the Credential Safe instance name and URL

image-20240621-060613.png

After creation, you will get a Credential Safe Key that identifies this safe. Test case authors usually select it from the UI, and admins may also use it when troubleshooting workspace credential configuration.

image-20240229-104526.png

Edit Credential Safe

You may edit the name and URL of the existing Credential Safe by click here:

image-20240621-092155.png

Please note the Credential Safe key is NOT allowed to be edit.

Delete Credential Safe

You may delete an existing Credential Safe by click here:

📝

Credential which are created under the Credential Safe will be deleted too if you delete a Credential Safe. And all tests which reference the credentials will be immediately impacted.

image-20240621-092518.png

Manage Credential Key under Credential Safe

ℹ️

The credential key is the key name for your credential which stored in your managed Credential Safe

You need to provide the key name under a Credential Safe. After that, test case authors can reference it from Environment variables -> Secret and reuse it across multiple test cases.

Add credential in your credential store (Azure Key Vault or AWS Secrets Manager)

Plain Text
az keyvalult secret set --vault-name <YOUR-VAULT-NAME> --name client-secret --value <YOUR-SECRET-VALUE>

Add Credential Key on Testany Platform

Click "+" to add the key name you will create in your Credential Safe.

  • Credential name, it is a display name for the credential key name
  • Type, it is the credential type(key/secret/certificate)
  • Key, it is the credential key name. it MUST be same as the Key ( client-secret ) your created in the step of "Add credential in your credential store".

image-20240229-105605.png

Edit Credential Key

By click the "edit" button, you may edit the credential key information:

image-20240621-092832.png

Delete Credential Key

By click the "delete" button, you may delete the credential key you've picked. Please note the test cases which has referenced this Credential Key will be impacted immediately.

image-20240621-093112.png

Next Steps

After setting up the Credential Safe and Credential Keys, developers usually use them in one of these ways:

  • Add a Secret row under Environment variables in the test case and reference the credential there.
  • Use Bulk Manage Test Cases to append or replace Secret references in batches.
  • Call the Testany Secrets Service API in the test code to retrieve the actual value at runtime.

See Protect the credentials used in testing for the detailed workflow.

Still have questions?

Our team is here to help. Get in touch and we'll get back to you as soon as possible.