Encode sensitive data

You can mask or encrypt passwords and other confidential data or files. You then use the encoded strings in your script with the unmask and decrypt functions. During replay, the DevWeb engine uses the original plain-text value, while displaying an encoded string in the script.

You can also encode strings in the runtime settings (rts.yml) file.

The DevWebUtils utility enables you to generate the encoded strings to add to your scripts.

Mask data

DevWeb enables you to mask single strings in your script. You can also mask a list of values in a file, or all the files in a folder.

Tip: For a more secure option, see Encrypt data.

To mask data in your script:

Note: DevWebUtils uses mask mode by default.

  1. In a terminal window, change to the DevWeb root directory.
  2. Run the relevant command:

    • To mask a single string in your script, run:

      Copy code
      DevWebUtils PlainText
    • To mask a list of values using a text file, run:

      Copy code
      DevWebUtils -input=folder\plainTextFile.txt -output=folder\maskedTextFile.csv
    • To mask all files in a folder, run:

      Copy code
      DevWebUtils -input=folder -output=folder

    Parameters:

    input

    The location of the plain text file, or folder containing plain text files, for masking. Use a new line to separate values.

    output The output file or folder containing the masked text. The output files are in CSV format.
  3. Copy and paste the encoded strings into your script in an unmask function, using the format load.unmask(<masked_data>).

    Example:

    Copy code
    load.setUserCredentials({
        username: "user",
        password: load.unmask("QWxsIHlvdXIgYmFzZSBhcmUgYmVsb25nIHRvIHVzIQ=="),
        host: "*"
    });

    Another option is to access encoded values in files as parameters.

Back to top

Encrypt data

You can encrypt single strings in your script. You can also encrypt a list of values in a file, or all the files in a folder. This is a more secure option than masking data.

For encryption, the DevWeb engine uses an AES 256-bit key (64 hex characters).

Note: If your script includes encrypted data, then you have the option in LoadRunner Cloud to create a script key that includes the encryption key, and link it to the script. For details, see the information on script keys in the LoadRunner Cloud Help Center.

To encrypt data in your script:

  1. In a terminal window, change to the DevWeb root directory.
  2. Run the DevWebUtils tool to create the encryption you need:

    • To encrypt a single string in your script, run:

      Copy code
      DevWebUtils -mode=enc -keyLocation=folder/keyFile.txt PlainText

    • To encrypt a list of values using a text file, run:

      Copy code
      DevWebUtils -mode=enc -keyLocation=folder/keyFile.txt -input=folder/plainTextFile.txt -output=folder/encryptedTextFile.csv

    • To encrypt all files in a folder, run:

      Copy code
      DevWebUtils -mode=enc -keyLocation=folder/keyFile.txt -input=folder -output=folder

    Parameters:

    mode=enc

    Mode for encrypting plain text using the encryption key.

    keyLocation

    The location of the file containing an AES 256-bit key.

    Note: We recommend using your own key. If you do not have one available, you have the option to generate a key with DevWebUtils. For details, see To generate an AES 256-bit key:

    input

    The location of the plain text file, or folder containing plain text files, for encryption. Use a new line to separate values.

    output The output file or folder containing the encrypted text. The output files are in CSV format.
  3. Copy and paste the encoded string into your script in a decrypt function, using the format load.decrypt(<encrypted_data>).

    Example:

    Copy code
    load.setUserCredentials({
        username: load.decrypt("TGF1bmNoIGV2ZXJ5IFpJRyE="),
        password: load.decrypt("TWFrZSB5b3VyIHRpbWU="),
        host: "*"
    });

    Another option is to access encrypted values in files as parameters.

  4. Run the DevWeb script from the terminal window, including the key location:

    Copy code
    DevWeb -keyLocation=folder/key.txt C:/ScriptDirectory

Note:

  • You can also define the key location for data decryption during replay, using the rts.yml. In the encryption area, edit the property keyLocation: "" . The format is: "folder/keyFile.txt". For information on customizing the rts.yml file, see Customize runtime settings.

  • Instead of defining key location, you can pass the value for the encryption key directly on the command line. Run the DevWeb script using the argument DevWeb.exe -keyword=<key> <script directory>. For details on executing scripts, see Execute DevWeb scripts.

To generate an AES 256-bit key:

  1. In a terminal window, change to the DevWeb root directory.
  2. Run the relevant command:

    • To generate a key secured with a passphrase, run:

      Copy code
      DevWebUtils -mode=genKey -keyLocation=folder/generatedKey.txt Passphrase
    • To generate a randomized key, run:

      Copy code
      DevWebUtils -mode=genKey -keyLocation=folder/randomizedKey.txt

Back to top

Mask and encrypt data in runtime settings

If the rts.yml file for your script includes confidential data, for example, the proxy server password, you can mask or encrypt the information in the file. During runtime, the DevWeb engine uses the actual values.

Create the masked or encrypted string, as described above, then use one of the following syntaxes in the script's local rts.yml file:

  • To unmask a masked value: Unmask(<masked_data>)
  • To decrypt an encrypted value: Decrypt(<encrypted_data>)

For information on customizing the rts.yml file, see Customize runtime settings.

Tip: If your script contains strings that are prefixed with the text Unmask, Decrypt, or AsIs, you can use this syntax in the rts.yml file to instruct the DevWeb engine to handle the value as plain text: AsIs(<plain_text>)

Back to top

See also: