Cypress 12: How to set variables locally and in CI -BitBucket so that there are no security concerns

Question

In E2E I am using some variables for dashboard, Mailosaur and BrowserStack.

This is the relevent part of cypress.config.js

{
  projectId: "XXXX", //dashboard project-id
  "env": {
      MAILOSAUR_API_KEY: "XXXXXX", // Mailosaur email api
      SERVERID: 'XXXX',
      TESTEMAIL: 'XXX'
    },
}

Similarly, for Browserstack.json these are the variables

{
    "auth": {
        "username": "XXXXX",
        "access_key": "XXXXX"
    },
}

How can I define these variables so that I can run my scripts locally and in BitBucket without creating any security issues.

Answer 1

For the Cypress sensitive data this question Unable to read values from .env.local file in latest Cypress version shows a reasonable way to handle sensitive data.

Browserstack keys can be defined on the Account panel, see BrowserStack access key

For Cypress in CI you need to set something like CYPRESS_MAILOSAUR_API_KEY, but the problem is there's no way to define the key independently of the checked-in code.

• if you use command-line settings, they are hard-coded in package.json
• if you use .env to hold secrets, it needs to be checked in so that the machine can use it

This blog Keep passwords secret in E2E tests gives a better picture.

We can set the required environment variable on CircleCI, but I really like the new CircleCI security contexts because they:

• allow explicitly listing the context that a job expects in the circle.yml file
• inject or stop the job depending on the security permission of the context

See Using Contexts, in CircleCI the secrets are set in the dashboard and don't need to be checked in anywhere.

To do the same with Browserstack, you could add a plugin for CircleCI, see Integrate BrowserStack Automate with CircleCI