Your tests can use sensitive information, for example, password, card numbers and so on. This information need to be secure. We do not recommend specifying such information directly in your tests, where it is shown and stored as plain text. This topic describes secure ways of storing and retrieving sensitive information used in tests.
Password Variables
To work with passwords and other sensitive data, you can create a special Password variable type. You can create keyword test, project or project suite variables of this type. You can enter a variable value manually from the variables page, or prompt the user to enter a password during the test run. The value you specify for this variable is encrypted and stored in project files, it is not displayed in TestComplete. There is no way to change these variables, you can only reset them. The value stored in a password variable can be retrieved only with the SetText and Keys methods. If you try to retrieve it in any other way, the variable will return a special moniker and the variable path. You cannot use these variables to pass secure information to other methods or databases. If you enter values using these variables, the entered text will not be posted to the log, and the captured image will not contain the entered text.
The following example demonstrates how to use a Password variable to simulate a password input:
JavaScript, JScript
PasswordField.SetText(Project.Variables.PasswordVariable1);
Python
PasswordField.SetText(Project.Variables.PasswordVariable1)VBScript
PasswordField.SetText(Project.Variables.PasswordVariable1)
DelphiScript
PasswordField.SetText(Project.Variables.PasswordVariable1);
C++Script, C#Script
PasswordField["SetText"](Project["Variables"].PasswordVariable1);
Note that when you use the SetText or Keys method to input value stored by a password variable in your application under test, TestComplete does not post the value to the test log.
Recording Passwords
If you type passwords into the appropriate controls (for example, Developer Express PasswordBoxEdit, JavaFX PasswordField, and so on) during test recording, TestComplete automatically saves their values to the project Password variables. It allows you to protect your passwords when testing.
Password variables are created by using the SetText operation or method for keyword and script tests respectively:
Click the image to enlarge it.
When the recording is finished, the password values are stored as the password variables and their actual values are displayed neither in the recorded tests nor on the Variables page of your project.
If your passwords are recorded as text stings and are not masked in tests, make sure the Tools > Options > Engines > Recording > Record text input into simple editors as option is set to SetText (the default value).
Storing Sensitive Data in External Storage
You can use the third-party SecureStringStorage script extension that allows storing and reading data from an SH1 encrypted file. You can see the example of working with it here:
Work with encrypted data storage
|
The SecureStringStorage script extension requires the .NET Classes Support plugin. To use the plugin, you must have a license for the TestComplete Desktop module. |
Passing Data via Command Line
You can pass secure data as command line arguments to TestComplete and then get the command line arguments from tests using the BuiltIn.ParamStr and BuiltIn.ParamCount methods. The following example gets the last attribute from the command line and passes it to the SetText method:
JavaScript, JScript
function PasswordArg()
{
var nArgs = BuiltIn.ParamCount();
PasswordField.SetText(BuiltIn.ParamStr(nArgs));
}
Python
def PasswordArg():
nArgs = BuiltIn.ParamCount()
PasswordField.SetText(BuiltIn.ParamStr(nArgs))VBScript
Sub PasswordArg
Dim nArgs
nArgs = BuiltIn.ParamCount
PasswordField.SetText(BuiltIn.ParamStr(nArgs))
End Sub
DelphiScript
procedure PasswordArg;
var nArgs;
begin
nArgs := BuiltIn.ParamCount;
PasswordField.SetText(BuiltIn.ParamStr(nArgs));
end;
C++Script, C#Script
function PasswordArg()
{
var nArgs = BuiltIn["ParamCount"]();
PasswordField["SetText"](BuiltIn["ParamStr"](nArgs));
}
Ask User to Enter Password
You can ask the user to enter a password. This can be done in different ways. You can either wait until the test execution reaches certain point and then ask the user to enter a password to proceed, or you can ask the user to specify all the required passwords before the test starts, store them to Password variables and use them when needed. You can ask the user to enter a password in two ways:
-
You can use the
BuiltIn.InputBoxmethod to prompt for a password. This is the easiest way, since it does not require additional skills. The sample code below prompts the user to enter a password, stores the password to the Password project variable and then uses it to enter the password in the password field.JavaScript, JScript
function Test()
{
Project.Variables.PasswordVar = BuiltIn.InputBox("PasswordWindow", "Please enter a password", "");
PasswordField.SetText(Project.Variables.PasswordVar);
}Python
def Test(): Project.Variables.PasswordVar = BuiltIn.InputBox("PasswordWindow", "Please enter a password", "") PasswordField.SetText(Project.Variables.PasswordVar)VBScript
Sub Test()
Project.Variables.PasswordVar = BuiltIn.InputBox("PasswordWindow", "Please enter a password", "")
PasswordField.SetText(Project.Variables.PasswordVar)
End SubDelphiScript
procedure Test;
begin
Project.Variables.PasswordVar := BuiltIn.InputBox('PasswordWindow', 'Please enter a password', '');
PasswordField.SetText(Project.Variables.PasswordVar);
end;C++Script, C#Script
function Test()
{
Project["Variables"].PasswordVar = BuiltIn["InputBox"]("PasswordWindow", "Please enter a password", "");
PasswordField["SetText"](Project["Variables"].PasswordVar);
} -
You can create a user form and use it to enter a password. This approach is more complicated, since creation of user forms requires additional skills. See the following tutorial:
Note that both these methods imply that the test will not be fully automatic. Therefore, if you plan automatic testing, use other approaches described in sections above.
See Also
Advanced Tasks
Using Variables
TestComplete Command Line
Script Extensions
User Forms