Working With Passwords and Other Sensitive Data

Applies to TestComplete 14.40, last modified on April 22, 2021

Your tests can use sensitive information, for example, password, card numbers and so on. This information need to be secure. We do not recommend specifying such information directly in your tests, where it is shown and stored as plain text. This topic describes secure ways of storing and retrieving sensitive information used in tests.

Password Variables

To work with passwords and other sensitive data, you can create a special Password variable type. You can create keyword test, project or project suite variables of this type. You can enter a variable value manually from the variables page, or prompt the user to enter a password during the test run. The value you specify for this variable is encrypted and stored in project files, it is not displayed in TestComplete. There is no way to change these variables, you can only reset them. The value stored in a password variable can be retrieved only with the SetText and Keys methods. If you try to retrieve it in any other way, the variable will return a special moniker and the variable path. You cannot use these variables to pass secure information to other methods or databases. If you enter values using these variables, the entered text will not be posted to the log, and the captured image will not contain the entered text.

The following example demonstrates how to use a Password variable to simulate a password input:

JavaScript, JScript

PasswordField.SetText(Project.Variables.PasswordVariable1);

Python

PasswordField.SetText(Project.Variables.PasswordVariable1)

VBScript

PasswordField.SetText(Project.Variables.PasswordVariable1)

DelphiScript

PasswordField.SetText(Project.Variables.PasswordVariable1);

C++Script, C#Script

PasswordField["SetText"](Project["Variables"].PasswordVariable1);

Note that when you use the SetText or Keys method to input value stored by a password variable in your application under test, TestComplete does not post the value to the test log.

Recording Passwords

If you type passwords into the appropriate controls (for example, Developer Express PasswordBoxEdit, JavaFX PasswordField, and so on) during test recording, TestComplete automatically saves their values to the project Password variables. It allows you to protect your passwords when testing.

Password variables are created by using the SetText operation or method for keyword and script tests respectively:

Recording Passwords

Click the image to enlarge it.

When the recording is finished, the password values are stored as the password variables and their actual values are displayed neither in the recorded tests nor on the Variables page of your project.

If your passwords are recorded as text stings and are not masked in tests, make sure the Tools > Options > Engines > Recording > Record text input into simple editors as option is set to SetText (the default value).

Storing Sensitive Data in External Storage

You can use the third-party SecureStringStorage script extension that allows storing and reading data from an SH1 encrypted file. You can download the extension and see the example of working with it here:

Work with encrypted data storage

The SecureStringStorage script extension requires the .NET Classes Support plugin. To use the plugin, you must have a license for the TestCompleteDesktop module.

Passing Data via Command Line

You can pass secure data as command line arguments to TestComplete and then get the command line arguments from tests using the BuiltIn.ParamStr and BuiltIn.ParamCount methods. The following example gets the last attribute from the command line and passes it to the SetText method:

JavaScript, JScript

function PasswordArg()
{
  var nArgs = BuiltIn.ParamCount();
  PasswordField.SetText(BuiltIn.ParamStr(nArgs));
}

Python

def PasswordArg():
  nArgs = BuiltIn.ParamCount()
  PasswordField.SetText(BuiltIn.ParamStr(nArgs))

VBScript

Sub PasswordArg
  Dim nArgs

  nArgs = BuiltIn.ParamCount
  PasswordField.SetText(BuiltIn.ParamStr(nArgs))
End Sub

DelphiScript

procedure PasswordArg;
var nArgs;
begin
  nArgs := BuiltIn.ParamCount;
  PasswordField.SetText(BuiltIn.ParamStr(nArgs));
end;

C++Script, C#Script

function PasswordArg()
{
  var nArgs = BuiltIn["ParamCount"]();
  PasswordField["SetText"](BuiltIn["ParamStr"](nArgs)); }

Ask User to Enter Password

You can ask the user to enter a password. This can be done in different ways. You can either wait until the test execution reaches certain point and then ask the user to enter a password to proceed, or you can ask the user to specify all the required passwords before the test starts, store them to Password variables and use them when needed. You can ask the user to enter a password in two ways:

  • You can use the BuiltIn.InputBox method to prompt for a password. This is the easiest way, since it does not require additional skills. The sample code below prompts the user to enter a password, stores the password to the Password project variable and then uses it to enter the password in the password field.

    JavaScript, JScript

    function Test()
    {
      Project.Variables.PasswordVar = BuiltIn.InputBox("PasswordWindow", "Please enter a password", "");
      PasswordField.SetText(Project.Variables.PasswordVar);
    }

    Python

    def Test():
      Project.Variables.PasswordVar = BuiltIn.InputBox("PasswordWindow", "Please enter a password", "")
      PasswordField.SetText(Project.Variables.PasswordVar)

    VBScript

    Sub Test()
      Project.Variables.PasswordVar = BuiltIn.InputBox("PasswordWindow", "Please enter a password", "")
      PasswordField.SetText(Project.Variables.PasswordVar)
    End Sub

    DelphiScript

    procedure Test;
    begin
      Project.Variables.PasswordVar := BuiltIn.InputBox('PasswordWindow', 'Please enter a password', '');
      PasswordField.SetText(Project.Variables.PasswordVar);
    end;

    C++Script, C#Script

    function Test()
    {
      Project["Variables"].PasswordVar = BuiltIn["InputBox"]("PasswordWindow", "Please enter a password", "");
      PasswordField["SetText"](Project["Variables"].PasswordVar);
    }

  • You can create a user form and use it to enter a password. This approach is more complicated, since creation of user forms requires additional skills. See the following tutorial:

    TestComplete Security: Entering Sensitive Data

Note that both these methods imply that the test will not be fully automatic. Therefore, if you plan automatic testing, use other approaches described in sections above.

See Also

Advanced Tasks
Using Variables
TestComplete Command Line
Script Extensions
User Forms

Highlight search results