This is what I originally developed pytest-variables for (https://pypi.org/project/pytest-variables/ <https://pypi.org/project/pytest-variables/>). Maybe you’ll find that useful, but it sounds like you already have a similar solution. For Jenkins, we use the credentials plugin to store the variables files, and then reference them from the jobs via environment variables. See https://github.com/mozilla/mozillians-tests/blob/master/Jenkinsfile#L40 <https://github.com/mozilla/mozillians-tests/blob/master/Jenkinsfile#L40> and https://github.com/mozilla/mozillians-tests/blob/master/Jenkinsfile#L53 <https://github.com/mozilla/mozillians-tests/blob/master/Jenkinsfile#L53> for an example of where we use this in a Jenkins declarative pipeline.
> On 23 Sep 2018, at 19:47, Floris Bruynooghe <[email protected]> wrote: > > Hi Derek, > > On Sat 22 Sep 2018 at 09:19 -0700, Derek Sisson wrote: >> I currently use a local yaml file, with passwords keyed to account ids, >> along with a data model of users in the codebase keyed to the same IDs. My >> conftest queries the yaml file with the ids to grab the passwords, and it's >> set up to throw exceptions if there is anything out of sync between the >> data model and the yaml file data. >> >> Cumbersome, but works.... locally. I need to port the framework to Jenkins, >> so I need a better and secure system. >> >> Suggestions on better ways of managing passwords and secrets in a >> pytest/jenkins context? > > This isn't really a pytest question to be fair. It's just that you > happen to stumble into secrets management via testing, which is > certainly one common way of discovering this rabbit hole. > > The simple version which is still somewhat sub-optimal is pass the > secrets via environment variables or something, for Jenkins specifically > you should probably look at it's Credentials Binding plugin or so. > > The full-blow solution is to use something like vaultproject.io to > manage secrets. Obviously this is a fair amount of work but you'll get > good secrets management at the end. > > > Cheers, > Floris > _______________________________________________ > pytest-dev mailing list > [email protected] > https://mail.python.org/mailman/listinfo/pytest-dev
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ pytest-dev mailing list [email protected] https://mail.python.org/mailman/listinfo/pytest-dev
