[pytest-dev] keeping passwords out of code
Derek Sisson
philosophe at gmail.com
Sat Sep 22 12:19:00 EDT 2018
Hi,
I have an end-to-end test framework built on top of pytest, and a big
challenge is managing application passwords while keeping them out of the
code base.
I deal with multiple applications and services, on multiple tiers (staging,
production, etc.), so I have a large set of user-password pairs to manage.
I currently use a local yaml file, with passwords keyed to account ids,
along with a data model of users in the codebase keyed to the same IDs. My
conftest queries the yaml file with the ids to grab the passwords, and it's
set up to throw exceptions if there is anything out of sync between the
data model and the yaml file data.
Cumbersome, but works.... locally. I need to port the framework to Jenkins,
so I need a better and secure system.
Suggestions on better ways of managing passwords and secrets in a
pytest/jenkins context?
thanks,
--derek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/pytest-dev/attachments/20180922/13a80f15/attachment.html>
More information about the pytest-dev
mailing list