I am using AWS Device Farm to run Cucumber tests for both Android and iOS.
As part of the testing, I need to access a 3rd party API to compare actual and expected results, providing username and password. What is the best way to provide these credentials? I would like to avoid providing them in plain-text in any form.
So far, I have tried to use the AWS Secrets Manager to store the password, and retrieve it using the aws-java-sdk-secretsmanager library. This works locally, but on the device farm it fails because the environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY (or their Java system properties equivalents, respectively) are not defined (please see the stacktrace below). Of course I can set them explicitly in the test spec file, but that would kind of defeat the purpose, as again sensitive information would be stored in plain-text.
Is there a way to propagate these environment variables to the scheduled run of the device farm? If not: what are the best practices to encrypt and provide sensitive data?
Thank you, Simeona
[TestNG] Caused by: com.amazonaws.SdkClientException: Unable to load AWS credentials from any provider in the chain: [EnvironmentVariableCredentialsProvider: Unable to load AWS credentials from environment variables (AWS_ACCESS_KEY_ID (or AWS_ACCESS_KEY) and AWS_SECRET_KEY (or AWS_SECRET_ACCESS_KEY)), SystemPropertiesCredentialsProvider: Unable to load AWS credentials from Java system properties (aws.accessKeyId and aws.secretKey), WebIdentityTokenCredentialsProvider: To use assume role profiles the aws-java-sdk-sts module must be on the class path., com.amazonaws.auth.profile.ProfileCredentialsProvider@1fde0371: profile file cannot be null, com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper@6438a7fe: The requested metadata is not found at http://169.254.169.254/latest/meta-data/iam/security-credentials/]
[TestNG] at com.amazonaws.auth.AWSCredentialsProviderChain.getCredentials(AWSCredentialsProviderChain.java:136)
[TestNG] at com.amazonaws.http.AmazonHttpClient$RequestExecutor.getCredentialsFromContext(AmazonHttpClient.java:1257)
[TestNG] at com.amazonaws.http.AmazonHttpClient$RequestExecutor.runBeforeRequestHandlers(AmazonHttpClient.java:833)
[TestNG] at com.amazonaws.http.AmazonHttpClient$RequestExecutor.doExecute(AmazonHttpClient.java:783)
[TestNG] at com.amazonaws.http.AmazonHttpClient$RequestExecutor.executeWithTimer(AmazonHttpClient.java:770)
[TestNG] at com.amazonaws.http.AmazonHttpClient$RequestExecutor.execute(AmazonHttpClient.java:744)
[TestNG] at com.amazonaws.http.AmazonHttpClient$RequestExecutor.access$500(AmazonHttpClient.java:704)
[TestNG] at com.amazonaws.http.AmazonHttpClient$RequestExecutionBuilderImpl.execute(AmazonHttpClient.java:686)
[TestNG] at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:550)
[TestNG] at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:530)
[TestNG] at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.doInvoke(AWSSecretsManagerClient.java:2737)
[TestNG] at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2704)
[TestNG] at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.invoke(AWSSecretsManagerClient.java:2693)
[TestNG] at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.executeGetSecretValue(AWSSecretsManagerClient.java:1222)
[TestNG] at com.amazonaws.services.secretsmanager.AWSSecretsManagerClient.getSecretValue(AWSSecretsManagerClient.java:1192)
P.S.: Also posted this question in AWS forums.
