How to manage test credentials practically and securely?


(Alison) #1

I’m interested to hear how other people manage test credentials (i.e. usernames or emails, and passwords), to get a balance of the following:

  • credentials can be made available to scripts/builds that automate tests
  • credentials can be accessed reasonably easily by humans who want to use them to conduct one-off tests
  • passwords are stored in a sufficiently secure way
  • when multiple/many credentials need to be stored, managing them all is still feasible

In practice, I’ve made better progress on some of these than others. Generally I’ve prioritised security and making the credentials accessible for test automation, but the downside is that, as a human, managing and using the credentials is quite fiddly and error-prone. Maybe there’s a better way?


(Fabio) #2

Basically what we do is pretty similar from what you described, we have manual test logins and automated test logins. Manual test logins can be shared with someone outside of QA team, even though I have asked to avoid sharing them, but automation logins are not even shared among QA team, only automation team has access to those logins, those logins cannot keep on having password changes or any type of configuration change that can affect automation, therefore not shared with anyone.


(Pavan N) #3

We can use AWS Security key provider[AWS Secrets-manager] or if you want to use Azure[AZURE Key Valut] we can have that for the secure storage for the key Managment


(Alison) #4

@fabio The idea of maintaining separate logins for automation and human usage is interesting, I’ll definitely give that some more thought.

@pavan_n I’ve been using the Azure key vault, to it’s good to confirm that it’s a decent option. One downside to it is that the secrets are stored in a big ol’ list. The lack of folders/structure means that storing lots of information in it can get a bit unmanageable, and using systematic naming only helps so much. This was something I was hoping to improve, but I don’t know if there are many options.

Thank you both for your replies, I’ll share them with my team :slight_smile: