In Selenium Projects, Do Not Keep Sensitive Information in the Code Base

Each test automation project uses sensitive information.

It may be a username and password to login to a site.

Or a connection string and domain account to connect to a SQL database.

Or Azure Cloud credentials.

Where should this info be kept?

There are a few options.

---

Keep the sensitive info in the code

This is obviously the worst option.

The sensitive information is safe when you are the only one that can access the code. But as soon as you commit the code to source control, anyone can see it.

---

Keep the sensitive info in a property file

This is similar to keeping it in the code.

As soon as the property file is in source control, it is outside of your control who can see its contents and who cannot.

You may exclude the property file from source control in which case the sensitive information is secure.

But in this situation, the management of the property file becomes very complex.

For other people to be able to run your code, you have to explain them that

• a property file is needed

• where the property file should be located

• what properties should be in the file?

And when you want to run the automated tests in CI/CD, you will have to somehow create a property file on the fly so the code can use it.