[OT] Testing and credentials best practices?

M

Miki Tebeka

Greetings,

How do you deal with tests (both on dev machine and Jenkins) that need credentials (such as AWS keys)?. I know of the following methods:

1. Test user with known (stored in source control) limited credentials
2. ~/.secrets (or any other known location) RC file which is not in source control
3. Credentials service (such as ZooKeeper) accessed only from VPN
4. Credentials pre user encrypted (gpg) and stored in source control

What method are you using? Are there any best practices in the subject?

Thanks,
 
C

Chris Angelico

How do you deal with tests (both on dev machine and Jenkins) that need credentials (such as AWS keys)?. I know of the following methods:

1. Test user with known (stored in source control) limited credentials
2. ~/.secrets (or any other known location) RC file which is not in source control
3. Credentials service (such as ZooKeeper) accessed only from VPN
4. Credentials pre user encrypted (gpg) and stored in source control
Click to expand...

I've done several of these. Another option that may work in some
contexts is to mock the test altogether; have a server that simulates
whatever you needed credentials for, and accepts a key of all zeroes
or equivalent. Obviously that key can happily go into the source code
:)

ChrisA
 
R

Roy Smith

Miki Tebeka said:
Greetings,

How do you deal with tests (both on dev machine and Jenkins) that need
credentials (such as AWS keys)?. I know of the following methods:

1. Test user with known (stored in source control) limited credentials
2. ~/.secrets (or any other known location) RC file which is not in source
control
3. Credentials service (such as ZooKeeper) accessed only from VPN
4. Credentials pre user encrypted (gpg) and stored in source control

What method are you using? Are there any best practices in the subject?
Click to expand...

We've been looking at using etcd to store credentials (essentially the
same solution as zookeeper). It seems like the right way to go.

So far, my impression of etcd is "neat, promising, not ready for prime
time yet" (to be fair, the etcd folks don't claim it's stable yet).
ZooKeeper at least has the advantage of being in production use for a
long time, so it should be pretty bullet-proof.
 
M

Miki Tebeka

How do you deal with tests (both on dev machine and Jenkins) that need credentials (such as AWS keys)?.
I've done several of these. Another option that may work in some
contexts is to mock the test altogether;
Click to expand...
Thanks, but mocking is last resort for me, it reduces the value of testing greatly and has the burden of catching up with the mocked service.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

ASP.NET Design and Development Best Practices? 2
JTree Best Practices 14
ANN: A new version (0.3.3) of the Python module which wraps GnuPG hasbeen released. 0
newbie troubles - creating an array dynamically. best practices. 5
TransModal modal dialog project : beta testing 12
Best way to deploy authentication on web services 0
'Needless flexibilities' and structured records [very long] 10
Excellent openings for an MNC Client in Blore for java,c++,.net & Testing Professionals 0

Members online

Total: 34 (members: 2, guests: 32)
Robots: 338

Forum statistics

Threads
473,755
Messages
2,569,537
Members
45,022
Latest member
MaybelleMa

Latest Threads

Top