How to manage password security issues in automation testing within Robot Framework
When dealing with test automation, we very often face the problem of managing password security.
It is not uncommon to end up keeping sensitive password data as clear text within our test scripts, with no possibility of encryption. Since these test scripts are generally kept in an environment that is also accessible to other people, serious security problems may arise, with undesirable consequences.
In this article, I will explain a simple solution we may use to keep our passwords encrypted, simply by interfacing a password manager with our automation tool. The automation tool we are using is Robot Framework, and our solution applies to that tool. However, we believe a similar approach could also be used with other test automation tools, with a little bit of creativity.
Basically, our solution consists of keeping the username-password pairs in a password manager, which strongly encrypts the passwords. We then ask our automation tool to access the password manager database to find and use the password corresponding to a given username. In order to access the password manager database, our automation tool needs a kind of key file (KeePass calls it a keyfile), which we always keep in a separate, secure location accessible only to us and to the automation tool. This keyfile can easily be created from within the password manager.
Needless to say, the same mechanism could also be utilized to keep other kinds of sensitive data, just saving them within the password manager database exactly as if they were passwords.
The implementation of our solution with Robot Framework and KeePass password manager requires the following steps:
- Install the open source KeePass password manager from https://keepass.info/
- Install the KeePass library for Robot Framework from https://pypi.org/project/robotframework-keepasslibrary/ or directly using pip:
  pip install -U robotframework-keepasslibrary
- Run the KeePass application and configure it so that it requires only a keyfile and NOT a master password. Create a keyfile (its default name is Database.key) following the instructions given at https://keepass.info/help/base/keys.html
- Use the KeePass application to save your usernames and passwords into its database (the database's default name is Database.kdbx)
The KeePass application works only on Windows. However, if your system runs a different OS you can still use this solution, because Robot Framework needs only the database file and the keyfile. So if you are working in a different OS environment, just install KeePass on a separate Windows machine, generate your database file and keyfile, move these two files onto your main system and access them from your Robot Framework scripts. Naturally, for security reasons the two files should not be kept in the same location.
Finally, you will find below a simple example of Robot Framework implementation of our idea. I hope you will enjoy it.
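As an added illustration of the idea (this is not the author's example and not the robotframework-keepasslibrary keywords), the following custom Robot Framework keyword library opens a keyfile-only KeePass database and returns the password stored for a username, after first refusing layouts where the keyfile sits next to the database or inside the test repository. It assumes pykeepass is installed for the real .kdbx access; the layout and lookup logic need only the standard library.

```python
# Added example (not the article's own code, not robotframework-keepasslibrary):
# a custom Robot Framework keyword library that fetches a password by username
# from a keyfile-only KeePass database. pykeepass is an assumed dependency.
import os
import stat
from pathlib import Path

def check_secret_file_layout(db_path, keyfile_path, repo_root=None):
    """Return layout violations (empty list = OK): database and keyfile in different
    directories, not readable by group/others (POSIX), keyfile outside the test repo."""
    db, key = Path(db_path).resolve(), Path(keyfile_path).resolve()
    problems = []
    if db.parent == key.parent:
        problems.append("database and keyfile share a directory")
    for label, path in (("database", db), ("keyfile", key)):
        if path.exists() and os.name != "nt":  # mode bits are meaningless on Windows
            if stat.S_IMODE(path.stat().st_mode) & (stat.S_IRWXG | stat.S_IRWXO):
                problems.append(f"{label} is readable by group/others")
    if repo_root is not None:
        root = Path(repo_root).resolve()
        if key == root or root in key.parents:
            problems.append("keyfile is inside the test repository")
    return problems

def password_for_username(kp, username):
    """Return the password of the single entry matching `username`. `kp` is any object
    offering pykeepass' find_entries(); an ambiguous username is an error, not a guess."""
    entries = kp.find_entries(username=username, first=False) or []
    if len(entries) != 1:
        raise ValueError(f"expected 1 entry for {username!r}, found {len(entries)}")
    return entries[0].password

class KeePassSecrets:
    """Robot keywords `Open Keyfile Only Database` and `Get Password For`; load with
    `Library    /secure/path/keepass_secrets.py` (hypothetical path)."""
    ROBOT_LIBRARY_SCOPE = "SUITE"
    _kp = None

    def open_keyfile_only_database(self, db_path, keyfile_path, repo_root=None):
        problems = check_secret_file_layout(db_path, keyfile_path, repo_root)
        if problems:
            raise RuntimeError("refusing to open database: " + "; ".join(problems))
        from pykeepass import PyKeePass  # assumed installed: pip install pykeepass
        self._kp = PyKeePass(db_path, password=None, keyfile=keyfile_path)

    def get_password_for(self, username):
        return password_for_username(self._kp, username)
```

Because the keyword library holds the opened database for the whole suite, test cases only ever see the returned password value, never the keyfile path.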