A script has been written to access a website programatically(sending a get request) that requires user login credentials, and so the same has been hardcoded in the script.Is there a way in python to hide these credentials from the test script?
You could use something like this:
https://github.com/microsoft/Windows-universal-samples/tree/master/Samples/PasswordVault
Alternatively, if your script is only going to run on one server, you could keep the credentials in the environment variables on that machine and make the script refer to those variables.
Related
I am writing test cases using selenium in python for a website, and am having trouble finding the best way to pass a correct login for each scenario. Currently I am using a wait and manually typing in the account information every time:
#given('I wait for input of correct credentials')
def step_impl(context):
WebDriverWait(context.driver, 20).until(
expected_conditions.visibility_of_elements_located(
BasePageLocators.SIDEBAR)
)
Is there a better way without having to send the information in my code? Preferably one that involves no manual input
While this article was written specifically to address how to handle SauceLabs-related creds, there's no reason you can't use the same method.
You take the credentials and store it outside of your code, e.g. in a Windows Environment variable, some local file, or the like. That way people with access to your repo don't have access to your credentials. It also allows each user to set up their own local credentials so that everyone can use their own credentials without modifying the scripts.
You can invoke send_keys() method directly once the WebDriverWait returns the element as follows:
WebDriverWait(context.driver, 20).until(
expected_conditions.visibility_of_elements_located(
BasePageLocators.SIDEBAR).send_keys("Allan Blackmar")
I got an idea to use users password and a local key to decrypt a dm-crypt partition with user home directory (and to mount it as a home).
But here is a problem: how can I get such script to be executed? It should be executed after successful authorization but before actual login, and it should have access to freshly inputted password.
Does someone know where to put such script?
This is a pretty common problem with a simple solution -- you use pam module.
Here is one example:
https://wiki.archlinux.org/index.php/Dm-crypt/Mounting_at_login
I have a PHP application, with Usernames and Public SSH Keys in it. I would like to use these accounts as the user back end of openssh.
I think I need to use pam_exec and a PHP/Bash script. I've written a php script that I can execute at CLI (The shebang sets an env of php executable). If I need to wrap this in a bash script instead to access environment variables I can do that. The script currently takes a username as its first and only parameter like so:
/opt/scripts/my-auth-script.php user_to_look_for
The script will exit zero on success (the user exists) or exit 1 if not. It currently echoes OK or Failed also but I can easily turn that off.
So, my question is, how do I have pam_exec call my script to look for user accounts, before looking on the actual host system for user accounts?
I've got it working. The way to do this is to set the AuthorizedKeysCommand and AuthorisedKeyUser settings of openssh in sshd_config. There is a caveat, the reason that github and others provide ssh as a service through a single login user shared among customers is that the user being called must be resolvable by the system being logged into, so they muxt exist locally, or the user db must be connected to a remote source like LDAP, which would also then have to be integrated into the application.
The way to get around this though, is that the AuthorizedKeyCommand can take parameters, %u for username, and also in this case %k for key or %f for sha256 fingerprint of the key. Then, that script can ignore the generic username it was given, and then just check the database for a match for the key or fingerprint. If we find it, we have the user for that key and successful authentication. If not we dont.
My goal:
To Run PowerShell as an Administrator, which requires admin authentication in our environment, and to store those credentials in a variable to be used by the script run in that session.
In case that's not enough info:
I am writing a script which uses the username of the admin running the script in a variable (for logging).
I don't want to make the admins who will run this script have to log in twice. Our environment is set up so when one runs Powershell as Administrator he is prompted for admin credentials. I don't want to have the script prompt for credentials a second time to store them in variable.
$env:USERNAME doesn't help me because I don't want the username logged into the computer, I want the admin username used to run the script.
How can I accomplish this?
The closest I've come so far is running the following in standard PowerShell session:
$AdminCred = Get-Credential
Start-Process powershell -Credential $AdminCred -ArgumentList "-file c:\ScriptName.ps1"
...but that leaves me with two problems:
1) Im running PS with Admin rights, but it not the same as "Running as Administrator" in that my
#Requires -RunAsAdministrator
line rejects it. and
2) This opens a new PS window and my $AdminCred variable is not stored there.
Seems relatively simple, but I'm still pretty new at this PS game.
Really appreciate whatever help I can get...
First you store password as secure string and store username and password in one variable using system.management.automation after pass that variable to authenticate
I'm completely new to boxen (and puppet) and I want to prompt a user for a password during set up. I need to encrypt the input and add it to a config file.
I'll be using a template to generate the file, but getting the password is a little tricky since puppet wont write to console when executing code inside of a template.
I've considered doing this using a ruby or shell script to prompt the user and then store the password in an environment variable to use later in the template, but I don't know if this is the best or most secure way to do this.
Any suggestions? is there a "best practice" for doing this sort of thing with boxen/puppet?
You can use hiera and encrypt hiera data using the hiera-gpg or hiera-eyaml backend
Other option is to use facter with environment variables FACTER_MYPASSWORD or external facts under /etc/facter/facts.d