Encode sensitive data

You can mask or encrypt passwords and other confidential data, and use the encoded strings in your script with the unmask and decrypt functions. During replay, TruWeb uses the original plain-text values, while displaying an encoded string in the script. You can also encode strings in the rts.yml file.

The TruWebUtils utility enables you to generate the encoded strings to add to your scripts.

This functionality is supported from version: 2018.11.4.

Mask data

TruWeb enables you to mask a single string or a list of values in your script.

Tip: For a more secure option, see Encrypt data.

To mask data in your script:

Note: TruWebUtils uses mask mode by default.

  1. In a terminal window, change to the TruWeb installation directory.

  2. To mask a single string in your script, run:

    TruWebUtils PlainText

  3. To mask a list of values using a text file, run:

    TruWebUtils -input=folder\plainTextFile.txt -output=folder\maskedTextFile.csv

    Parameters:

    input

    Location of file containing plain text for masking. Use a new line to separate values.

    output Output file, in CSV format, containing the masked text.
  4. Copy and paste the encoded string into your script in an unmask function, using the format load.unmask(<masked_data>).

    For example:

Back to top

Encrypt data

TruWeb enables you to encrypt a single string or a list of values in your script. This is a more secure option than masking data.

For encryption, TruWeb uses an AES 256-bit key (64 hex characters).

To encrypt data in your script:

  1. In a terminal window, change to the TruWeb installation directory.
  2. Run the TruWebUtils tool to create the encryption you need:

    • To encrypt a single string in your script, run:

      TruWebUtils -mode=enc -keyLocation=folder/keyFile.txt PlainText

    • To encrypt a list of values using a text file, run:

      TruWebUtils -mode=enc -keyLocation=folder/keyFile.txt -input=folder/plainTextFile.txt -output=folder/encryptedTextFile.csv

    Parameters:

    mode=enc

    Encrypts plain text using the encryption key.

    keyLocation

    Location of file containing an AES 256-bit key.

    Note: It is recommended to use your own key. If you do not have one available, you have the option to generate a key with TruWebUtils. See To generate an AES 256-bit key.

    input

    Location of file containing plain text for encryption. Use a new line to separate values.

    output Output file, in CSV format, containing the encrypted text.
  3. Copy and paste the encoded string into your script in a decrypt function, using the format load.decrypt(<encrypted_data>).

    For example:

  4. Run the TruWeb script from the terminal window, including the key location:

    TruWeb -keyLocation=folder/key.txt C:/ScriptDirectory

Note: You can also define the key location for data decryption during replay through the runtime settings (rts.yml). In the encryption area, edit the property keyLocation: "" . The format is: "folder/keyFile.txt".

For information on customizing the rts.yml file, see TruWeb script files.

To generate an AES 256-bit key:

  1. In a terminal window, change to the TruWeb installation directory.
  2. If you want to generate a key secured with a passphrase, run:

    TruWebUtils -mode=genKey -keyLocation=folder/generatedKey.txt Passphrase
  3. If you want to generate a randomized key, run:

    TruWebUtils -mode=genKey -keyLocation=folder/randomizedKey.txt

Back to top

Mask and encrypt data in runtime settings

If the rts.yml file for your script includes confidential data, for example, the proxy server password, you can mask or encrypt the information in the file. During runtime, TruWeb will use the actual values.

Create the masked or encrypted string, as described above, then use one of the following syntaxes in the script's local rts.yml file:

  • To unmask a masked value: unmask(<masked_data>)
  • To decrypt an encrypted value: decrypt(<encrypted_data>)

For information on customizing the rts.yml file, see TruWeb script files.

Tip: If your script contains strings that are prefixed with the text unmask, decrypt, or AsIs, you can use this syntax in the rts.yml file to instruct TruWeb to handle the value as plain text: AsIs(<plain_text>)

Back to top

See also: