Hello community!
I am curious how you get access to specific parts of the environments like admin panel or get credentials for another type of user (they can be common to all QAs).
Do you need ask credentials from different parts(PMs, developers, devops and so on)? or
There is place where you can go and take them? or
Do you ask devops aka admins who have all of them? or
May be you have another policy/rules
It would be nice to hear from you about your experience.
P.S Lets skip production, there are policies which are not discussable.
Having a password manager which allows sharing of development environment passwords is the best way to do it I think. As long as those passwords are updated semi-frequently (AKA, when somebody leaves the team). That’s the hard part.
For automated tests, using something like AWS Secrets Manager works quite well.
For production environments – this should be your own password, and should never be shared. Not sure why that can’t be discussed!
Hello Cameron!
Thank you for your answers.
Interesting idea to keep all shared credentials, which can be re-used by QAs, PMs or any other team member(if they need them) in one place.
Regarding production, may be I didn’t write clear, so long story short. Of course we have access to it, and each has his/her own password and there is no shared credentials. This was the reason why I wanted to skip it.
Credentials just need to be scoped, and have a way of creating ones for automation processes as well as for end users. Automation credentials need to be expiring tokens typically to prevent leaking a token. But policy as to what is in scope or not, is more political than it often needs to be.
It entirely depends on how much tracking you need, but automation tooling needs to not use user credentials, it’s a huge problem when “machines” use user creds, it just fails the trust model.
You gave me food for thought.
Since I meet here there rules, policy. I need to analyse this info and understand how we can use it for shared credentials. Otherwise I will jump into the fire. This only thing worries me for now. May be “worry” is not correct word, but I feel that we should improve it.
Our usernames and passwords are created and are under control as should be. Nobody can access the system with someones credentials. So shortly speaking, there is no concerns or doubts how the processes are working for new/old users on all envs incl. production.
I need to analyse this info and understand how we can use it for shared credentials. Otherwise I will jump into the fire. This only thing worries me for now. May be “worry” is not correct word, but I feel that we should improve it.