AssertionsMasking Secrets and Passwords

How to Mask or Not Print The Secrets

Sometimes we should not print secrets or tokens or passwords to the log or console. There are various security reasons why we should not do that. Hence we can mask the secrets and even reuse them through the steps easily.

The following are sample test scenarios and their run logs to achieve that.

Example

Test Scenario

{
    "scenarioName": "Masked Secret path as step param - Reusable Secret or Bearer token",
    "steps": [
        {
            "name": "get_balance_via_secret_token",
            "url": "/home/accounts/123/balance",
            "operation": "GET",
            "request": {
                "headers": {
                    "Authorization": "Bearer ${MASKED:token1002003004}",
                    "request-bank-name": "${MASKED:HSBC}",
                    "secretCode": "${MASKED:Amazing}"
                }
 
            },
            "assertions": {
                "status": 200,
                "body" : {
                    "balance" : 3900,
                    "name" : "${$.get_balance_via_secret_token.request.headers.request-bank-name}",
                    "current" : true
                }
            }
        },
        {
            "name": "find_match",
            "url": "/api/v1/search/persons",
            "method": "GET",
            "request": {
                "queryParams": {
                    "lang": "${$.get_balance_via_secret_token.request.headers.secretCode}",
                    "city": "${MASKED:Lon}"
                }
            },
            "verify": {
                "status": 200,
                "body": {
                    "exactMatches": true,
                    "name": "Mr Bean",
                    "lang": "${$.get_balance_via_secret_token.request.headers.secretCode}",
                    "city": "${$.find_match.request.queryParams.city}"
                }
            }
        }
 
    ]
}

Scenario Console Logs:

-----------------------------------------------------------------------------------
 
Scenario:
+++++++++
 
Masked Secret path as step param - Reusable Secret or Bearer token 
-----------------------------------------------------------------------------------
 
--------- TEST-STEP-CORRELATION-ID: 204cadc1-5d2a-435f-b67d-935f2392b1e2 ---------
*requestTimeStamp:2024-02-07T20:32:49.296
step:get_balance_via_secret_token
id:None
url:http://localhost:9998/home/accounts/123/balance
method:GET
request:
{
  "headers" : {
    "Authorization" : "Bearer ***masked***",
    "request-bank-name" : "***masked***",
    "secretCode" : "***masked***"
  }
} 
--------- TEST-STEP-CORRELATION-ID: 204cadc1-5d2a-435f-b67d-935f2392b1e2 ---------
Response:
{
  "status" : 200,
  "headers" : {
    "Date" : [ "Wed, 07 Feb 2024 20:32:49 GMT" ],
    "Last-Modified" : [ "Wed, 07 Feb 2024 20:32:49 GMT" ],
    "Transfer-Encoding" : [ "chunked" ],
    "Content-Type" : [ "application/json" ],
    "Connection" : [ "keep-alive" ]
  },
  "body" : {
    "balance" : 3900,
    "name" : "HSBC",
    "current" : true
  }
}
*responseTimeStamp:2024-02-07T20:32:49.302 
*Response delay:6.0 milli-secs 
---------> Expected Response: <----------
{
  "status" : 200,
  "body" : {
    "balance" : 3900,
    "name" : "***masked***",
    "current" : true
  }
} 
 
-done-
 
 
--------- TEST-STEP-CORRELATION-ID: 2e04e240-abcb-44c4-86da-d9155d5a71c6 ---------
*requestTimeStamp:2024-02-07T20:32:49.304
step:find_match
id:None
url:http://localhost:9998/api/v1/search/persons
method:GET
request:
{
  "queryParams" : {
    "lang" : "***masked***",
    "city" : "***masked***"
  }
} 
--------- TEST-STEP-CORRELATION-ID: 2e04e240-abcb-44c4-86da-d9155d5a71c6 ---------
Response:
{
  "status" : 200,
  "headers" : {
    "Date" : [ "Wed, 07 Feb 2024 20:32:49 GMT" ],
    "Last-Modified" : [ "Wed, 07 Feb 2024 20:32:49 GMT" ],
    "Transfer-Encoding" : [ "chunked" ],
    "Content-Type" : [ "application/json" ],
    "Connection" : [ "keep-alive" ]
  },
  "body" : {
    "exactMatches" : true,
    "name" : "Mr Bean",
    "lang" : "Amazing",
    "city" : "Lon"
  }
}
*responseTimeStamp:2024-02-07T20:32:49.308 
*Response delay:4.0 milli-secs 
---------> Expected Response: <----------
{
  "status" : 200,
  "body" : {
    "exactMatches" : true,
    "name" : "Mr Bean",
    "lang" : "***masked***",
    "city" : "***masked***"
  }
} 
 
-done-