Don’t commit your credentials with your source code !
This is important advice.
The question then comes up though – where can I store them and still work efficiently and effectively on a day-to-day.
The first choice might see to be in your
.bash_profile) config file.
export AWS_ACCESS_KEY_ID='abc123' export AWS_SECRET_ACCESS_KEY='abc23456789'
However if you are lazy like me and don’t want to have to manually add this to your current
.bashrc every time you switch machine, you will likely store your config files online. Although not in the source code of the application (which is good), this is still additional exposure to your secrets.
I also like to make my ‘setup’ files available publically to others as public github repos and I definitely don’t want to be publishing my secrets that way !
The answer to this was to put the setting of the AWS credentials in a separate file and then include that file if it exists. For this I created the file
with the above two
and of course
$ chmod +x set_aws_credentials.sh
to make it executable
Then I check for this file and use it if it exists.
The additional file (
set_credentials.sh) is the part that does not ever get committed to any source code repository and is the one part of the process that you do manually each time you set up a new project or set up a project for the first time on a different machine, which provides the security of not having credentials in any code base.
This is done with this code added as the last line in my
test -f ~/set_aws_credentials.sh && . $_
Longer term, KMS provides better ways to automate and protect secrets in most orgs
“In order to have quality UI automation* you need to control state”
I wrote this a year ago and it’s as true today as it was then.
To control state you need:
- APIs to create test data state
- Session controls to set user state
- DB controls to set application state
- Environment state control (VMs, lambdas)
*Quality UI Automation is defined as:
- User focused
- Fault Tolerant
- Easy to change
- Highly available
- Easy to maintain
- Tagged for test type
- Test pyramid based
- Documentation as Code
- Providing actionable feedback