SOAP-UI - how to externalize or encrypt passwords in a project

Question

I have a project with some SOAP interfaces configured to test my backends.

To be able to transfer the credentials, I had the choice either to:

1. Put a soap header <soapenv:Header>...</soapenv:Header> containing username and password But in this case, I have to declare it in all Request and it is not dynamic as the credentials changes for the different endpoint configured (environments)

2. Create a Outgoing WS-Security Configurations for all my environment and associate them in the Endpoint configuration of each Interface
   That way it will switch credentials easily and automatically whatever endpoint used. In this configuration I can also define not to generate a nonce, other ways it generate it automatically and the server does not accept it.

Now I have a little security problem. My SOAP-UI is in a git repository and if I just open the project xml file, I can see my passwords in clear text.

I tried to use Hashed password but:

1. The server does not allows this: it needs the password in PasswordText format
2. I think the Hash is base64 encoded, then not secured

Is there any way to externalize the password (they can be stored in a local plaintext file) or to be encrypted in the project.xml file?

I am using SOAP-UI Open source version (not PRO) in version 5.2.0 and from the user interface and not with Maven or any other tool.

Answer 1

You can using global properties. To do so you need first to define a external file for example a file called soapuiProperties.txt.

Inside this file put both properties:

myProject.username=yourUserName
myProject.password=yourPassword

Then configure your WS-Security configuration setting and set ${myProject.username} as username, and ${myProject.password} as password (you don't see the password text because the UI field has a mask but don't worry if you put correctly the property then SOAPUI replace it for the correct value in the property file anyway).

Finally you've to pass the file to the SOAPUI, so edit SOAPUI_HOME\bin\soapui.bat an add the follow -Dsoapui.properties=soapuiProperties.txt to the JAVA_OPTS:

set JAVA_OPTS=%JAVA_OPTS% -Xms128m -Xmx256m -Dsoapui.properties=soapuiProperties.txt

And that's all, then when you apply WSSSettings to your request you'll see the correct values get it from the property file.

You can see more info at SOAPUI documentation here

EDIT

In new versions at least with 5.2.1 seems easier, by default SOAPUI is configured to load SOAPUI_HOME\bin\soapui.properties by default. So create this file and add the properties here, You've to do the rest of the steps but you can avoid to edit the soapui.bat.

Hope this helps,