Protecting Sensitive Data

Applies to ReadyAPI 3.54, last modified on September 23, 2024

You may need to store sensitive data like passwords, usernames, connecting strings, or other values in your test projects. Typically, you use project properties for this. To protect project data against unauthorized access, you can secure individual project properties or the entire project with a password. This makes it impossible to open and view the project in ReadyAPI, examine the source files in third-party editors, or see encrypted data in logs, reports and test results. This topic explains how you can protect your project data with encryption.

Supported Entities

In ReadyAPI, you can encrypt –

  • ReadyAPI  preferences.

  • Entire test project.

  • Individual custom properties of your test projects.

Other entities, including the ones listed below, do not support encryption:

  • Individual custom properties of test cases, test suites, and test steps.

  • Individual custom properties of load tests, security tests and virtual services.

Encrypt Preferences

ReadyAPI preferences can store sensitive data. For example, SSL preferences store keystore passwords, or you can create global properties that store usernames, passwords or connection strings. You may want to encrypt these values to prevent unwanted access to them. You do this by encrypting the ReadyAPI settings file: <user-folder>/.readyapi/readyapi‑settings.xml. For instance, on Windows, it is C:\Users\<your-user-name>\.readyapi\readyapi‑settings.xml.

Set the password for the settings file

  1. Open the ReadyAPI Preferences dialog.

  2. Specify the password in the Global Security section.

    Do not lose the password. It is impossible to recover the settings file if you lose or forget the password.
  3. Click OK to save the changes and to encrypt the settings file.

    Web service testing with ReadyAPI: Encrypting preferences

    Click the image to enlarge it.

When you start ReadyAPI, it will ask you to specify the password for the settings file:

API testing with ReadyAPI: Request for settings file password

If the password is invalid, ReadyAPI will suggest starting with default settings or not starting the product. If you select to use default settings, ReadyAPI will back up your current settings to the <user-folder>/.readyapi/readyapi‑settings.xml.bak.xml file. To restore preferences, simply rename this file to readyapi‑settings.xml and specify a valid password on the product start.

Decrypt the settings file

To remove the password protection from the settings file, simply remove the password: start ReadyAPI, clear the password text box on the Preferences > Global Security page, and click OK to save the changes.

Encrypt the Entire Project

Set a Password

  1. Select your project in the Navigator panel on the left.

  2. Select Entire project in the Encryption Mode project property.

  3. Enter an encryption password in the Project Password property.

    Do not lose your password. There is no way to recover an encrypted project file if you lose or forget the password.
  4. Click Save on the ReadyAPI toolbar to save the changes.

    Protecting ReadyAPI Projects: Encrypt project

After you save the protected project, the project icon will have a small E letter to indicate the encryption:

Encrypted project

Remove Password Protection

To remove password protection from your project, clear the Project Password field and save the project.

Encrypt Individual Properties

You can encrypt individual custom properties of your project.

1. Set an encryption password

  1. Select your project in the Navigator panel on the left.

  2. Select Selected properties in the Encryption Mode project property.

  3. Enter an encryption password in the Project Password property.

    Do not lose your password. There is no way to recover an encrypted project if you lose or forget the password.
API testing with ReadyAPI: Encrypt project properties - Setting password

2. Encrypt properties

  1. Open the Custom Project Properties panel.

  2. Select the needed property and click Encrypt Icon on the toolbar. ReadyAPI will replace the property value with a string of asterisks.

  3. Click Save on the ReadyAPI toolbar to save the project.

    API testing with ReadyAPI: Encrypt project properties

    Click the image to enlarge it.

Notes

  • To view a property value, you need to decrypt the property (see below).

  • In the Selected properties encryption mode ReadyAPI does not show E on the project icon in the Navigator panel.

  • The Selected properties mode is incompatible with ReadyAPI version 2.1 and earlier. If you encrypt a property in ReadyAPI 2.2 or later and then open your project in an earlier version of the product, the encrypted properties will be blank. If you change an encrypted property in an earlier version of the product and then open your project in ReadyAPI 2.2 or in a later version that supports property encryption, then the property will have the “encrypted” value, and the changes you made to it in the earlier product version version will be lost.

  • Having a large number of encrypted properties in a project may slightly affect the performance of ReadyAPI. This happens because ReadyAPI has to encrypt the properties in all the logs.

Decrypt a Property

  • Select a property in the Custom Project Properties panel and click Decrypt Icon on the toolbar:

    API testing with ReadyAPI: Decrypt project properties

Properties are also decrypted when you clear the Project Password property of your project (see above).

Opening Encrypted Projects

When you open an encrypted project in ReadyAPI, or if the project you open has encrypted properties, ReadyAPI asks you to specify the password:

API testing with ReadyAPI: The 'Enter password' request

If you specify a wrong password, ReadyAPI will prevent access to encrypted data:

  • If you encrypted individual properties, then you will not be able to see their values, nor use them in tests (property expansion for them will result in an empty string).

  • If you encrypted the entire project, then all the project data: project properties, APIs, test cases, and other items will be hidden from the Navigator panel:

    API testing with ReadyAPI: Protecting data with a password

    To retry, right-click the project in the Navigator and select Open and Decrypt from the context menu:

    API testing with ReadyAPI: 'Open and Decrypt' command

Referring to Encrypted Properties

You use encrypted properties in the same way as non-encrypted properties. There is no need to decrypt them every time you use them. Specifying a password on opening the project is enough (see above).

You can insert properties in test step parameters, load test properties, virtual service responses, scripts, and other places that support property expansions. (Note that ReadyAPI preferences do not support property expansions, so using project properties there is meaningless.)

To refer to a property, you use syntax like this:

${#Project#custom-property-name}

ReadyAPI will “expand” this expression during the test run and will insert the property value.

Example of Using Encrypted Properties

You may want to use property expansion in authentication settings of your requests. Open the Auth tab of the request editor, and enter the needed expression there:

API testing with ReadyAPI: Encrypting authentication data

Click the image to enlarge it.

Tip: When you enter a property-expansion expression into a password field, your input is masked. To avoid misprints, type the expression in some editor or text box, and then copy and paste the expression into the needed password field.

Important Note

We would like to remind once again that passwords cannot be restored. Do not to lose, nor forget them. If needed, write them down and save in a secured place. There is no way to recover a password if you forget it.

See Also

Property Expansion
Best Practices

Highlight search results