Hi Derek,

On Sat 22 Sep 2018 at 09:19 -0700, Derek Sisson wrote:
> I currently use a local yaml file, with passwords keyed to account ids,
> along with a data model of users in the codebase keyed to the same IDs. My
> conftest queries the yaml file with the ids to grab the passwords, and it's
> set up to throw exceptions if there is anything out of sync between the
> data model and the yaml file data.
>
> Cumbersome, but works.... locally. I need to port the framework to Jenkins,
> so I need a better and secure system.
>
> Suggestions on better ways of managing passwords and secrets in a
> pytest/jenkins context?

This isn't really a pytest question to be fair.  It's just that you
happen to stumble into secrets management via testing, which is
certainly one common way of discovering this rabbit hole.

The simple version, which is still somewhat sub-optimal, is to pass the
secrets via environment variables or something; for Jenkins specifically
you should probably look at its Credentials Binding plugin or so.

The full-blown solution is to use something like vaultproject.io to
manage secrets.  Obviously this is a fair amount of work but you'll get
good secrets management at the end.


Cheers,
Floris
_______________________________________________
pytest-dev mailing list
pytest-dev@python.org
https://mail.python.org/mailman/listinfo/pytest-dev
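
A sketch of the environment-variable approach suggested above, added here as an example and not part of the original message: it resolves one password per account id from variables that a CI job (for instance through Jenkins credential bindings) would inject, and keeps the out-of-sync check from the original yaml setup. The `TEST_PASSWORD_` prefix, the `Secret` wrapper and all function names are assumptions made for illustration.

```python
import os
import re

ENV_PREFIX = "TEST_PASSWORD_"  # assumed naming convention, not from the thread


class Secret:
    """Wraps a password so it never appears in reprs, logs or pytest diffs."""

    def __init__(self, value):
        self._value = value

    def reveal(self):
        return self._value

    def __repr__(self):
        return "Secret(****)"

    __str__ = __repr__


class SecretsOutOfSync(Exception):
    pass


def env_name(account_id):
    # "qa-admin.1" -> "TEST_PASSWORD_QA_ADMIN_1"
    return ENV_PREFIX + re.sub(r"[^A-Za-z0-9]", "_", account_id).upper()


def load_passwords(account_ids, environ=None):
    environ = os.environ if environ is None else environ
    expected = {env_name(a): a for a in account_ids}
    if len(expected) != len(set(account_ids)):
        raise SecretsOutOfSync("two account ids map to the same variable name")
    missing = sorted(n for n in expected if not environ.get(n))
    stale = sorted(n for n in environ
                   if n.startswith(ENV_PREFIX) and n not in expected)
    if missing or stale:
        # Report variable names only, never values.
        raise SecretsOutOfSync(f"missing={missing} stale={stale}")
    return {acct: Secret(environ[name]) for name, acct in expected.items()}


# Constructed sample data: stands in for the user data model and the CI environment.
USERS = ["qa-admin", "qa-reader"]
SAMPLE_ENV = {"TEST_PASSWORD_QA_ADMIN": "s3cret-a",
              "TEST_PASSWORD_QA_READER": "s3cret-r", "PATH": "/usr/bin"}
```

In a `conftest.py`, a session-scoped fixture would call `load_passwords()` with the ids from the user data model and let the exception abort the run before any test starts.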
