Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Running tests with API authentication in Travis CI without exposing API passwords

I have a Rails app on Github that uses some external API that requires password authentication. Right now I have my credentials for that API in a file that is not in git and some integration tests that use VCR gem, so these tests always fail in Travis because they don't have the credentials for the API. I can't check my VCR cassettes into git because there is still my username in plain text and maybe some other data that would be better not to expose. I guess I could use plain webmock to emulate API responses but I think that would be too cumbersome and error prone.

Is there a way to write tests that use an external API with authentication that would still run on Travis, without exposing my API password on Github?

like image 521
meore Avatar asked Feb 13 '23 10:02

meore


2 Answers

Your can encrypt your Travis variables using the travis tool.

You encrypt your variable with travis encrypt FOO=<your passowrd/sensitive data here> This will print out something like: secure: "djfhfjriwjdncml2948328$+@jdjw"

Then you can use that variable in your envoirmental variables or anywhere else.

For example, if you copy that variable into the environment section, you can securely store your environmental variable.

env:
  - secure: "djfhfjriwjdncml2948328$+@jdjw"

Now,the environmental variable FOO Holds your password in a secure manner. To learn more you can read up on this here

like image 174
joshua-anderson Avatar answered Apr 28 '23 00:04

joshua-anderson


I can't check my VCR cassettes into git because there is still my username in plain text and maybe some other data that would be better not to expose.

VCR has support to filter out sensitive data like this:

https://relishapp.com/vcr/vcr/v/2-8-0/docs/configuration/filter-sensitive-data

like image 35
Myron Marston Avatar answered Apr 28 '23 02:04

Myron Marston