I have the task of deploying Robotmk tests on various virtual machines and monitoring them via individual Checkmk agents.
The deployment itself on the VMs is not the problem - but the passwords in plain text in the tests are a different matter.
I have tried the “robot-framework-crypto” library, which works with key pairs and decryption during the test process.
This also works so far, but as far as I know so far, it requires that the key pair is on the same machine as the test.
Unfortunately, this is not secure enough in my case.
Is there a way to use passwords in Robot Framework (Robotmk) tests without having them in plain text somewhere on the system on which the tests are executed?
I would be very happy to receive tips and comments!
but the passwords in plain text in the tests are a different matter.
yes, this should be avoided. CryptoLibrary is made for that.
but as far as I know so far, it requires that the key pair is on the same machine as the test.
This is not a problem as long as the password for the private key is NOT stored in the repo.
Instead, my best practice is to create an environment variable (example: ROBOT_CRYPTO_KEY_PASSWORD) which I access inside of the script (2).
It should be clear that this approach ist not a 100% secure solution because the “secret” has to be stored somewhere. Afaik there is not library so far for central vaults like Hashicorp Vault .
By the way: by default, the CryptoLibrary stores the keypair in the Python site-packages lib folder.
This does not make sense to me at all. It is important to have the keys in the repository.
This video shows how to
create a keypair inside of the current RF project directory (folder: keypairs)
encrypt a secret
How to decrypt a secret (normally not done on the CLI but in rare cases it can be helpful ). Here, you must beforehand set the keypair path again.
I hope that answers your questions. If not, I am happy to help!
Regards,
Simon
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.
). Here, you must beforehand set the keypair path again.
