It's all about the answers!

Ask a question

[RQM] How to provide user credentials to a script run via the command line adapter?

Jochen Widmaier (2217) | asked Aug 17 '16, 3:19 a.m.
Hi everybody,

I am setting up a bunch of test cases which run test scripts via the RQM command line interface. Those scripts will access different servers and need credentials of a user to log in there. What is your recommendation how to hand over the password without getting it logged somewhere along the way? I think execution variables will be logged (and I don't want my password to be shown in some log everybody can access).

My current workaround is to store my login credentials in the scripts itself. But I only do it because the scripts are currently only located on my PC. As soon as I distribute them to different PCs running CLA I don't want my password in there any longer (as well as I want other users to be able to give their credentials).

Accepted answer

permanent link
Michael Triantafelow (4513) | answered Sep 16 '16, 10:46 a.m.
I'm not aware of any mechanism in QM for sending sensitive fields to automated tests.  I'm not entirely sure what your circumstances are, but I know in our case our tests are only executing against test machines with fake data, so there is no requirement to guard the credentials to those machines.

I haven't thought this all the way through yet, so don't judge me too harshly, but perhaps there is something you could do with encryption?  Maybe you give the script an encrypted password and pass the key to decrypt it as an execution variable?  That would prevent anyone that only had access to the test machine from getting the password in plain text.  Also, QM would never have the password, only the key, so you wouldn't need to worry about a plain text password from being logged on our side.

I feel like if I were you that's the direction I would start off in if I had to solve this problem.
Jochen Widmaier selected this answer as the correct answer

Jochen Widmaier commented Sep 20 '16, 7:23 a.m.

We are currently not using RTC SCM and I need to access our productive SCM system to download the project against which the test shall run. For that access I need the credentials. I will see, if I find an encryption solution. Thank you for that hint.

Your answer

Register or to post your answer.