1

Im searching for a way or method to hide my password for a selenium automation test in visual studio C#.

Currently, i hardcoded the password in my C# code.

Was searching for tutorials on youtube or here in stackoverflow but didnt find anything useful.

Some people are talking about encryptions in the C#/Selenium tutorials, but as i have heard, its not that hard to find out the password when someone knows how to encode. Am i wrong?

The automation test is also being used by my co-workers, so it should be also possible for them to run the automation test while the password is hidden.

Are there any ways, how to hide a password, but use it for a selenium automation test?

(Would appreciate an code example if code is needed)

Beardy
  • 163
  • 1
  • 15
  • hey there, where are you running those test if i may ask, if it is local just store it in an environment variable and read it as soon as you need it. – Isparia Jul 26 '21 at 13:55
  • For now i am running the Selenium automation test locally on my computer. But as soon as it is done and merged to the master branch and pushed to the bitbucket, there is going to be a tool, with which my team and me, can start those tests, without starting visual studio. We use bitbucket to upload it and there are some additional tools for it. – Beardy Jul 26 '21 at 14:36

3 Answers3

1

You can set your password as environment parameter and get it with something like this:

string password = Environment.GetEnvironmentVariable("seleniumPassword");

To set the environment variable you can use this:

string setEnv = Environment.SetEnvironmentVariable("seleniumPassword", 123456);

123456 is the password here

Prophet
  • 32,350
  • 22
  • 54
  • 79
  • thanks for your answer. But the password can be red in the visual studio code right? – Beardy Jul 26 '21 at 14:33
  • It depends on how you write it to the environment parameter and how read it from. Generally yes, but in this way you don't keep it inside your project code and not in Git. – Prophet Jul 26 '21 at 14:41
  • Yeah, the requirments from my company is, to store passwords nowhere visible. Either hided in an external file which cant be opened easy or through an other way. Tried also to use KeePass, but wasnt able to find any useful informations how to implement KeePass into C# visual studio or how to access the passwords there during an automation test – Beardy Jul 26 '21 at 14:47
  • This is how we do it. We are security / authorizations solutions company, so you can trust this is good enough approach. – Prophet Jul 26 '21 at 14:54
  • Yeah but i dont really understand your example. My selenium automation test is inside our website solution. If i would use your method, anyone who downloads my branch, would see the "123456" password and instantly know, that this is the password =) Or do i missunderstand your example? Its just not allowed in our company to display any code which has password in it. KeePass is something others use, but i didnt find yet any examples how to set it up – Beardy Jul 26 '21 at 15:01
  • The environment variables are not set with selenium, only read with. The tests are running inside a docker somewhere and somehow. Even me, as an automation engineer have no access there. Devops are set these variables somehow in the docker image so that the credentials are not stored inside automation code, also not in Git. – Prophet Jul 26 '21 at 15:28
  • You are really convincing :D The next issue is, i have literally no clue, where i should start to implement these code lines. Ill try to find now some tutorials to that topic "Environment Variables". Thanks prophet once again – Beardy Jul 26 '21 at 15:46
  • 1
    Ill do accept it 100% after i implemented it :b i promise ;) I then will also share my code using the Environment Variables method. – Beardy Jul 26 '21 at 15:50
  • One more questions prophet. If i use your way to hide passwords, does it also work for my coworkers, who will pull my branch and start the automation test locally on their PC? In the end, we do upload my branch to a master branch and then on our bitbucket server, where we can start those automation tests pararell without using visual studio. Is your solution still usefull in these 2 cases? – Beardy Jul 26 '21 at 16:26
  • Well, you can use it in the following way: you can define these variables in external file. In your code you will read both from the file and from environment variables. So while developing the automation code you can use the data from both sources. But when uploading the code or when merging to master remove that external file. – Prophet Jul 26 '21 at 16:34
  • 1
    yeah thats the issue ive got now. My coworker shouldnt create extra "enviroment variables" just to be able to start the automation test. My goal is just to push my branch they pull it and only simply press on "Start test" without extra adding those variables. But after not finding anything in the web, the only thing which seems to work is using keepass. – Beardy Jul 26 '21 at 16:48
0

SecureString Class

    // Instantiate the secure string.
    SecureString securePwd = new SecureString();
    ConsoleKeyInfo key;

    Console.Write("Enter password: ");
    do {
       key = Console.ReadKey(true);
       
       // Ignore any key out of range.
       if (((int) key.Key) >= 65 && ((int) key.Key <= 90)) {
          // Append the character to the password.
          securePwd.AppendChar(key.KeyChar);
          Console.Write("*");
       }   
    // Exit if Enter key is pressed.
    } while (key.Key != ConsoleKey.Enter);
    Console.WriteLine();
Alan
  • 1
  • 1
  • yes and no, the password could end up way to short this way and, then your application is less secure. – Isparia Jul 26 '21 at 13:54
  • As i understand the code: a console is opening in which i need to enter the password? I need a way to store a password somewhere, which is being called by/during the automation test automatically. – Beardy Jul 26 '21 at 13:56
  • That's the Microsoft C# example. You should add a few lines to adapt your code. – Alan Jul 26 '21 at 14:14
  • Thanks but this isnt what i was looking for. The password should be stored somewhere. My goal is to press on the "Run" button for the test automation and during that test, it gets the password automatically from where i stored it. – Beardy Jul 26 '21 at 14:37
0

Passing is secrets via environment variables is the way to go. This answer https://stackoverflow.com/a/57638491/8393497 has a great idea of creating a .cmd (could just as easily be a .sh for Linux) to take command args to set the environment vars.

Richie
  • 41
  • 5
  • Thanks, after figuring out that the Nuget Packages for KeePass are not working on Net 5.0, im looking for another methods. Will check out that environment variables method. – Beardy Aug 02 '21 at 12:47