0

My team and I are starting to use SmartBear's ReadyAPI tool to do some automated testing of a REST web services we are developing. I have created a new Project within ReadyAPI and imported the API's openapi definition (via Swagger). The project is saved as a "composite project" - i.e. it is saved as many files within a project folder, instead of as one monolithic XML definition. This folder will eventually be added to source control (git).

The web service uses OAuth2.0 authentication, and I'm happy with how ReadyAPI allows you to create a token and associated it with each request in the API. However it seems that ReadyAPI writes the token out to the settings.xml file for the project, which is a file that would be committed to source control. It is inappropriate to commit a token value to source control. Is there a way to tell ReadyAPI to save that token off in a user-specific space, similar to how it handles user-specific project properties?

I don't think I can just gitignore the entire settings.xml file, since it contains other project-specific settings that I do want to save in source control.

Below is a portion of a diff showing the change to the settings.xml file that is written after I successfully retrieve a token:

enter image description here

johnmcase
  • 1,769
  • 2
  • 16
  • 27

1 Answers1

0

Check out our documentation on Protecting Sensitive Data.

What we can do in this case is encrypt the project itself. This will also encrypt all the values in your project's .xml file.

SmartBearSarah
  • 1
  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jun 25 '22 at 12:20