If you use Azure AD or another SSO client in your tests, you might have kept the test user credentials in the code. This is of course not ideal, and it is better to get the secrets out of the repository before the senior gets to review it and loses it, or before the cyber security team approaches you.

Create and ignore the cypress.env.json file

First things first, if you have your secrets defined in Cypress environment like this:

{
  "env": {
    "client_id": "********************",
    "client_secret": "********************",
    "viewer": {
      "username": "********************",
      "password": "********************"
    },
    "editor": {
      "username": "********************",
      "password": "********************"
    },
    "admin": {
      "username": "********************",
      "password": "********************"
    }
  }
}

take them out of the cypress.json or cypress.config.ts file and move them into a separate file named cypress.env.json, without the "env" wrapper:

{
  "client_id": "********************",
  "client_secret": "********************",
  "viewer": {
    "username": "********************",
    "password": "********************"
  },
  "editor": {
    "username": "********************",
    "password": "********************"
  },
  "admin": {
    "username": "********************",
    "password": "********************"
  }
}

Then add it to .gitignore so it is never committed:

# environment
cypress.env.json
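
A check you could run before committing, as an added example that is not part of the original post: it reports secret-looking keys still left in the config's env block and confirms that cypress.env.json is listed in .gitignore. The function names, the key pattern and the sample inputs are assumptions made for illustration, and the .gitignore check only understands literal entries, not wildcards.

```javascript
// Added example: findSecretPaths, isIgnored and SECRET_KEY are hypothetical names.
const SECRET_KEY = /secret|password|token/i; // assumed pattern for "secret-looking" keys

// Walk the "env" block of a Cypress config and return the dotted path of
// every key that looks like a secret and holds a non-empty string.
function findSecretPaths(node, prefix = 'env') {
  const hits = [];
  for (const [key, value] of Object.entries(node || {})) {
    const path = `${prefix}.${key}`;
    if (value && typeof value === 'object') {
      hits.push(...findSecretPaths(value, path));
    } else if (SECRET_KEY.test(key) && typeof value === 'string' && value !== '') {
      hits.push(path);
    }
  }
  return hits;
}

// Simplified .gitignore check: only literal entries for the file name are
// understood (no wildcards); the last matching line wins, "!" re-includes.
function isIgnored(gitignoreText, fileName = 'cypress.env.json') {
  let ignored = false;
  for (const raw of gitignoreText.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;
    const negated = line.startsWith('!');
    const pattern = (negated ? line.slice(1) : line).replace(/^\//, '');
    if (pattern === fileName) ignored = !negated;
  }
  return ignored;
}

// Constructed sample inputs (placeholder values, not real credentials).
const configBefore = { env: { client_id: 'id', client_secret: 'x',
  viewer: { username: 'v', password: 'x' } } };
const configAfter = { env: {} };
const gitignore = '# environment\ncypress.env.json\n';

console.log(findSecretPaths(configBefore.env)); // secrets still in the config
console.log(findSecretPaths(configAfter.env));  // nothing left after the move
console.log(isIgnored(gitignore));              // the env file is ignored
```

A file that git already tracks stays tracked after it is added to .gitignore, and values committed earlier remain in the repository history.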

Create and use the secret file in the CI

Next, create a secret file in your Jenkins.

Now, before you run the tests in your CI build, you need to copy this secret file into your workspace in the Jenkinsfile:

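stage('Run Cypress Tests') {
    steps {
        // Bind the Jenkins secret file to a temporary path for the duration of this block
        withCredentials([file(credentialsId: 'CYPRESS_ENVIRONMENT', variable: 'CYPRESS_ENVIRONMENT')]) {
            // Copy it into the workspace, where Cypress looks for cypress.env.json.
            // The copy stays in the workspace until it is deleted or the workspace is cleaned.
            writeFile file: 'cypress.env.json', text: readFile(CYPRESS_ENVIRONMENT)
            // ...run the tests here...
        }
    }
}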

Conclusion

It can be a bit annoying to store a whole file, but at least your environment secrets can enjoy some privacy, right?
