Encrypting Sensitive Data in Test Automation

Cerosh Jacob
2 min read · Aug 30, 2023


Encryption can safeguard sensitive data, like passwords, credit card numbers, and personally identifiable information (PII), from unauthorized access. This is vital in test automation, where such data may be used to test applications that handle this information. Encrypting sensitive data reduces the risk of data breaches since it makes it more challenging for attackers to steal such data. One disadvantage to this approach is that the encryption key must be kept secure, as a compromised key could allow decryption of the user credentials. Additionally, the encrypted user credentials must be hardcoded into the test script, which can make it more difficult to maintain and update.

To ensure secure user credentials, the test uses the CryptoJS library to encrypt and decrypt values. CryptoJS is a JavaScript library that offers a range of cryptographic algorithms, including AES encryption. To use AES encryption with CryptoJS, call the CryptoJS.AES.encrypt() function, which takes two parameters: the data you want to encrypt and the encryption key. The encryption key is a secret value used to encrypt and decrypt the data. The encrypted data is stored in ciphertext format, which is unreadable by anyone who doesn't have the encryption key.

To encrypt user credentials, call CryptoJS.AES.encrypt(data, "mySecretKey"). The resulting encrypted values are hardcoded into the test and stored in the UName and Password constants. After decryption, these values are filled into the corresponding fields on the login page.

To ensure proper decryption of the encrypted values, the getDecryptedValue function is implemented. This function decrypts the provided data using process.env.SECRET_KEY as the decryption key. If SECRET_KEY is not available in the environment, the function falls back to using 'NO_KEY'. By implementing this function, the test ensures that encrypted values can be decrypted only by authorized users, adding an extra layer of security to the login process.

import { test, expect } from '@playwright/test';
import CryptoJS from 'crypto-js';

test('test', async ({ page }) => {
  // Ciphertexts produced beforehand with CryptoJS.AES.encrypt(data, key)
  const UName = "U2FsdGVkX18+KAUOuQyChuFLZDIftAioLNiXMkw6eLQ=";
  const Password = "U2FsdGVkX1+U3Nnh0JLpfbQoBeQFtnyMnlShVpS1BgtH3lUNOxH40cAiP7/06O1/";

  // Decrypt at run time with the key taken from the environment
  const decryptedUName = getDecryptedValue(UName);
  const decryptedPassword = getDecryptedValue(Password);

  await page.goto('https://the-internet.herokuapp.com/login');
  await page.getByLabel('Username').fill(decryptedUName);
  await page.getByLabel('Password').fill(decryptedPassword);
  await page.getByRole('button', { name: ' Login' }).click();
  await page.getByRole('link', { name: 'Logout' }).click();
});

// Decrypts a CryptoJS AES ciphertext using SECRET_KEY, or 'NO_KEY' if it is unset
function getDecryptedValue(data: string): string {
  const decryptedData = CryptoJS.AES.decrypt(data, process.env.SECRET_KEY || 'NO_KEY');
  return decryptedData.toString(CryptoJS.enc.Utf8);
}
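Because the test falls back to 'NO_KEY', a run without SECRET_KEY may hand the login form an empty string or fail with an opaque decoding error instead of stopping at the real cause. The following added example (not the article's code) is a strict variant that refuses to decrypt without a key. It is written against Node.js built-ins and assumes the salted, OpenSSL-compatible layout that CryptoJS produces when the key is a passphrase string; the names encryptValue and decryptValueStrict and all sample strings are constructed for illustration.

```javascript
// Added example, not the article's code. Uses only Node.js built-ins.
const nodeCrypto = require('node:crypto');

// OpenSSL-style header; in base64 it appears as the "U2FsdGVkX1" prefix.
const MAGIC = Buffer.from('Salted__');

// EVP_BytesToKey with MD5, one iteration: 32-byte AES key + 16-byte IV.
function deriveKeyIv(passphrase, salt) {
  const secret = Buffer.from(passphrase, 'utf8');
  let block = Buffer.alloc(0);
  let out = Buffer.alloc(0);
  while (out.length < 48) {
    block = nodeCrypto.createHash('md5').update(Buffer.concat([block, secret, salt])).digest();
    out = Buffer.concat([out, block]);
  }
  return { key: out.subarray(0, 32), iv: out.subarray(32, 48) };
}

// Produces a constructed sample value in that layout (AES-256-CBC, PKCS#7).
function encryptValue(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(8);
  const { key, iv } = deriveKeyIv(passphrase, salt);
  const cipher = nodeCrypto.createCipheriv('aes-256-cbc', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([MAGIC, salt, body]).toString('base64');
}

// Strict decrypt: no fallback key; a wrong key or damaged value throws.
function decryptValueStrict(b64, passphrase = process.env.SECRET_KEY) {
  if (!passphrase) throw new Error('SECRET_KEY is not set; refusing to decrypt');
  const raw = Buffer.from(b64, 'base64');
  if (raw.length < 32 || !raw.subarray(0, 8).equals(MAGIC)) {
    throw new Error('value is not in the salted AES layout');
  }
  const { key, iv } = deriveKeyIv(passphrase, raw.subarray(8, 16));
  let text;
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-cbc', key, iv);
    const plain = Buffer.concat([decipher.update(raw.subarray(16)), decipher.final()]);
    // fatal: true rejects byte sequences that are not valid UTF-8.
    text = new TextDecoder('utf-8', { fatal: true }).decode(plain);
  } catch {
    throw new Error('decryption failed: wrong key or corrupted value');
  }
  if (text === '') throw new Error('decrypted value is empty');
  return text;
}
```

Calling decryptValueStrict in place of getDecryptedValue makes a missing or wrong SECRET_KEY fail the test at the decryption step with a clear message.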

My recent publication compiled a comprehensive collection of 100 similar TypeScript programs. Each program not only elucidates essential TypeScript concepts and expounds upon the significance of test automation but also provides practical guidance on its implementation using Playwright. This resource will undoubtedly be valuable if you look deeper into similar topics.
