Encode sensitive data

You can mask or encrypt passwords and other confidential data, and use the encoded strings in your script with the unmask and decrypt functions. During replay, the DevWeb engine uses the original plain-text values, while displaying an encoded string in the script. You can also encode strings in the runtime settings (rts.yml) file.

The DevWebUtils utility enables you to generate the encoded strings to add to your scripts.

Mask data

DevWeb enables you to mask a single string or a list of values in your script.

Tip: For a more secure option, see Encrypt data.

To mask data in your script:

Note: DevWebUtils uses mask mode by default.

  1. In a terminal window, change to the DevWeb root directory.
  2. Run the relevant command:

    • To mask a single string in your script, run:

      DevWebUtils PlainText

    • To mask a list of values using a text file, run:

      DevWebUtils -input=folder\plainTextFile.txt -output=folder\maskedTextFile.csv

      Parameters:

      input

      The location of the file containing plain text for masking. Use a new line to separate values.

      output The output file, in CSV format, containing the masked text.
  3. Copy and paste the encoded string into your script in an unmask function, using the format load.unmask(<masked_data>).

    Example:

    load.setUserCredentials({
        username: "user",
        password: load.unmask("QWxsIHlvdXIgYmFzZSBhcmUgYmVsb25nIHRvIHVzIQ=="),
        host: "*"
    });
    

Back to top

Encrypt data

You can encrypt a single string or a list of values in your script. This is a more secure option than masking data.

For encryption, the DevWeb engine uses an AES 256-bit key (64 hex characters).

Note: If your script includes encrypted data, then you have the option in LoadRunner Cloud to create a script key that includes the encryption key, and link it to the script. For details, see the information on script keys in the LoadRunner Cloud Help Center.

To encrypt data in your script:

  1. In a terminal window, change to the DevWeb root directory.
  2. Run the DevWebUtils tool to create the encryption you need:

    • To encrypt a single string in your script, run:

      DevWebUtils -mode=enc -keyLocation=folder/keyFile.txt PlainText

    • To encrypt a list of values using a text file, run:

      DevWebUtils -mode=enc -keyLocation=folder/keyFile.txt -input=folder/plainTextFile.txt -output=folder/encryptedTextFile.csv

    Parameters:

    mode=enc

    Mode for encrypting plain text using the encryption key.

    keyLocation

    The location of the file containing an AES 256-bit key.

    Note: We recommend using your own key. If you do not have one available, you have the option to generate a key with DevWebUtils. For details, see To generate an AES 256-bit key:

    input

    The location of the file containing plain text for encryption. Use a new line to separate values.

    output The output file, in CSV format, containing the encrypted text.
  3. Copy and paste the encoded string into your script in a decrypt function, using the format load.decrypt(<encrypted_data>).

    Example:

    load.setUserCredentials({
        username: load.decrypt("TGF1bmNoIGV2ZXJ5IFpJRyE="),
        password: load.decrypt("TWFrZSB5b3VyIHRpbWU="),
        host: "*"
    });
    
  4. Run the DevWeb script from the terminal window, including the key location:

    DevWeb -keyLocation=folder/key.txt C:/ScriptDirectory

Note: You can also define the key location for data decryption during replay, using the rts.yml. In the encryption area, edit the property keyLocation: "" . The format is: "folder/keyFile.txt".

For information on customizing the rts.yml file, see Customizing runtime settings.

To generate an AES 256-bit key:

  1. In a terminal window, change to the DevWeb root directory.
  2. Run the relevant command:

    • To generate a key secured with a passphrase, run:
    DevWebUtils -mode=genKey -keyLocation=folder/generatedKey.txt Passphrase
    • To generate a randomized key, run:

      DevWebUtils -mode=genKey -keyLocation=folder/randomizedKey.txt

Back to top

Mask and encrypt data in runtime settings

If the rts.yml file for your script includes confidential data, for example, the proxy server password, you can mask or encrypt the information in the file. During runtime, the DevWeb engine will use the actual values.

Create the masked or encrypted string, as described above, then use one of the following syntaxes in the script's local rts.yml file:

  • To unmask a masked value: Unmask(<masked_data>)
  • To decrypt an encrypted value: Decrypt(<encrypted_data>)

For information on customizing the rts.yml file, see Customizing runtime settings.

Tip: If your script contains strings that are prefixed with the text Unmask, Decrypt, or AsIs, you can use this syntax in the rts.yml file to instruct the DevWeb engine to handle the value as plain text: AsIs(<plain_text>)

Back to top

See also: