[OT] Testing and credentials best practices?


M

Miki Tebeka

Greetings,

How do you deal with tests (both on dev machine and Jenkins) that need credentials (such as AWS keys)?. I know of the following methods:

1. Test user with known (stored in source control) limited credentials
2. ~/.secrets (or any other known location) RC file which is not in source control
3. Credentials service (such as ZooKeeper) accessed only from VPN
4. Credentials pre user encrypted (gpg) and stored in source control

What method are you using? Are there any best practices in the subject?

Thanks,
 
Ad

Advertisements

C

Chris Angelico

How do you deal with tests (both on dev machine and Jenkins) that need credentials (such as AWS keys)?. I know of the following methods:

1. Test user with known (stored in source control) limited credentials
2. ~/.secrets (or any other known location) RC file which is not in source control
3. Credentials service (such as ZooKeeper) accessed only from VPN
4. Credentials pre user encrypted (gpg) and stored in source control

I've done several of these. Another option that may work in some
contexts is to mock the test altogether; have a server that simulates
whatever you needed credentials for, and accepts a key of all zeroes
or equivalent. Obviously that key can happily go into the source code
:)

ChrisA
 
R

Roy Smith

Miki Tebeka said:
Greetings,

How do you deal with tests (both on dev machine and Jenkins) that need
credentials (such as AWS keys)?. I know of the following methods:

1. Test user with known (stored in source control) limited credentials
2. ~/.secrets (or any other known location) RC file which is not in source
control
3. Credentials service (such as ZooKeeper) accessed only from VPN
4. Credentials pre user encrypted (gpg) and stored in source control

What method are you using? Are there any best practices in the subject?

We've been looking at using etcd to store credentials (essentially the
same solution as zookeeper). It seems like the right way to go.

So far, my impression of etcd is "neat, promising, not ready for prime
time yet" (to be fair, the etcd folks don't claim it's stable yet).
ZooKeeper at least has the advantage of being in production use for a
long time, so it should be pretty bullet-proof.
 
Ad

Advertisements

M

Miki Tebeka

How do you deal with tests (both on dev machine and Jenkins) that need credentials (such as AWS keys)?.
I've done several of these. Another option that may work in some
contexts is to mock the test altogether;
Thanks, but mocking is last resort for me, it reduces the value of testing greatly and has the burden of catching up with the mocked service.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top