Skip navigation links

Package us.johnmeyer.sitetest.credentials

Facilities for managing credentials.

See: Description

Package us.johnmeyer.sitetest.credentials Description

Facilities for managing credentials. See BrowserstackCredential.Mode for supported credential storage approaches: "local file", "embedded in source", and "console prompt".

Secure My Browserstack Credentials

As regards the Selenium webdriver authentication mechanism, it is what it is. The best we can do is ensure that the user ID and automate key are protected. Were PCI certification required here, it would need to address two kinds of secrets:

  1. PAN (personal account number) information , which includes payment card information, and
  2. credentials.

Credentials are the keys to the servers and services. Per the specification:

8.2.1 Using strong cryptography, render all authentication credentials (such as passwords/phrases) unreadable during transmission and storage on all system components.
— PCI DSS v 3.2

The most egregious risk at this point is the possibility of transmitting the credential to Bitbucket or Github, where it can be read by all the world.

As a start, I've just put in a couple of controls to get me closer to the specification:

Control Option 1: The .bsc File

To block this, the code references a file called .bsc in the user's home directory. See in the project for how to set this up.

Control Option 2: prompting

screen pic of simple username/password prompt

The console prompts for user ID and key, and the secret information remains safely off of the system and out of the source code. This works when running the product from the command line but not from maven.

3/5/2018 there is a problem with prompting not happening automatically. Until this is fixed the .bsc file is the only way to automate connectivity to Browserstack.

BrowserstackCredentialWrapper and Build Name

Working in Browserstack Automate

Browserstack has a 'build name' field that is set once per Selenium WebDriver session and that can be used to look up test results on their website. For working through new tests, I'm putting the integration test method name into this field so that I can identify tests that are erroring. This means I am instatiating a new webdriver each time I run a test.

Some classes I plan to build for the testing of the site Tester is coming together in a Bitbucket git repository. As of 10/25/17 you can run this yourself if you copy the BrowserstackCredentials file to the testSite package directory and update it with your own secret browserstack credentials.


Skip navigation links

Copyright © 2018. All rights reserved.