Your tests can use sensitive information, for example, password, card numbers and so on. This information need to be secure. We do not recommend specifying such information directly in your tests, where it is shown and stored as plain text. This topic describes secure ways of storing and retrieving sensitive information used in tests.
To work with passwords and other sensitive data, you can create a special
Password variable type. You can create keyword test, project or project suite variables of this type. You can enter a variable value manually from the variables page, or prompt the user to enter a password during the test run. The value you specify for this variable is encrypted and stored in project files, it is not displayed in TestComplete. There is no way to change these variables, you can only reset them. The value stored in a password variable can be retrieved only with the
Keys methods. If you try to retrieve it in any other way, the variable will return a special moniker and the variable path. You cannot use these variables to pass secure information to other methods or databases. If you enter values using these variables, the entered text will not be posted to the log, and the captured image will not contain the entered text.
The following example demonstrates how to use a Password variable to simulate a password input:
Note that when you use the
Keys method to input value stored by a password variable in your application under test, TestComplete does not post the value to the test log.
If you type passwords into the appropriate controls (for example, Developer Express PasswordBoxEdit, JavaFX PasswordField, and so on) during test recording, TestComplete automatically saves their values to the project Password variables. It allows you to protect your passwords when testing.
Password variables are created by using the
SetText operation or method for keyword and script tests respectively:
When the recording is finished, the password values are stored as the password variables and their actual values are displayed neither in the recorded tests nor on the Variables page of your project.
If your passwords are recorded as text stings and are not masked in tests, make sure the Tools > Options > Engines > Recording > Record text input into simple editors as option is set to SetText (the default value).
Storing Sensitive Data in External Storage
You can use the third-party SecureStringStorage script extension that allows storing and reading data from an SH1 encrypted file. You can download the extension and see the example of working with it here:
|The SecureStringStorage script extension requires the .NET Classes Support plugin. To use the plugin, you must have a license for the TestCompleteDesktop module.|
Passing Data via Command Line
You can pass secure data as command line arguments to TestComplete and then get the command line arguments from tests using the
BuiltIn.ParamCount methods. The following example gets the last attribute from the command line and passes it to the
var nArgs = BuiltIn.ParamCount();
def PasswordArg(): nArgs = BuiltIn.ParamCount() PasswordField.SetText(BuiltIn.ParamStr(nArgs))
nArgs = BuiltIn.ParamCount
nArgs := BuiltIn.ParamCount;
var nArgs = BuiltIn["ParamCount"]();
Ask User to Enter Password
You can ask the user to enter a password. This can be done in different ways. You can either wait until the test execution reaches certain point and then ask the user to enter a password to proceed, or you can ask the user to specify all the required passwords before the test starts, store them to Password variables and use them when needed. You can ask the user to enter a password in two ways:
You can use the
BuiltIn.InputBoxmethod to prompt for a password. This is the easiest way, since it does not require additional skills. The sample code below prompts the user to enter a password, stores the password to the Password project variable and then uses it to enter the password in the password field.
Project.Variables.PasswordVar = BuiltIn.InputBox("PasswordWindow", "Please enter a password", "");
def Test(): Project.Variables.PasswordVar = BuiltIn.InputBox("PasswordWindow", "Please enter a password", "") PasswordField.SetText(Project.Variables.PasswordVar)
Project.Variables.PasswordVar = BuiltIn.InputBox("PasswordWindow", "Please enter a password", "")
Project.Variables.PasswordVar := BuiltIn.InputBox('PasswordWindow', 'Please enter a password', '');
Project["Variables"].PasswordVar = BuiltIn["InputBox"]("PasswordWindow", "Please enter a password", "");
You can create a user form and use it to enter a password. This approach is more complicated, since creation of user forms requires additional skills. See the following tutorial:
Note that both these methods imply that the test will not be fully automatic. Therefore, if you plan automatic testing, use other approaches described in sections above.