DEV Community

DEV Community is a community of 579,250 amazing developers

We're a place where coders share, stay up-to-date and grow their careers.

Create new account Log in
loading...
Cover image for How to protect sensitive data with Cypress

How to protect sensitive data with Cypress

#cypress #testing #automtion #e2e
walmyrlimaesilv profile image Walmyr Filho Updated on ・2 min read

Today, in “pinches of Cypress”, learn how to protect credentials, such as username and password

The scenario is as follows. We have an end-to-end test for login functionality, and several other tests also depend on the user being logged in as a precondition.

However, it is bad practice to version credentials, such as username and password.

An alternative that I have used several times to solve this problem is the use of the cypress.env.json file (when working in a local development environment).

Such a file allows us to store sensitive data (for example), but we do not version it (that is, it is included in the .gitignore file).

Let's look at a practical example.

The cypress.env.json file would look like this:

{
  "user_name": "admin",
  "user_password": "s3creT-p@ssw0rd"
}
Enter fullscreen mode Exit fullscreen mode

Remember that this file would only be available on my computer. And if other developers use another username and password on their computers, the credentials would be different but also not versioned.

And the login test would look like this:

describe('Login', () => {
  it('successfully', () => {
    cy.visit('https://example.com/login')

    cy.get('#user').type(Cypress.env('user_name'))
    cy.get('#password').type(Cypress.env('user_password'))
    cy.contains('Login').click()

    cy.get('.navbar-top .avatar')
      .should('be.visible')
  })
})
Enter fullscreen mode Exit fullscreen mode

Tada! 🎉

That way, I don't expose such sensitive data, and my tests can still log in.

Besides, such an approach gives us the advantage of being able to expose such credentials as environment variables (prefixed by CYPRESS_ or cypress_) in continuous integration services, which perform tests against environments other than our local environment.

That is, sensitive data is protected, and we can run the same tests in different environments (local, staging, production, etc.) 💯

I'm curious. What do you think about the series?

I'm looking forward to hearing your feedback!

This post was originally published in Portuguese on the Talking About Testing blog.

Would you like to learn about test automation with Cypress? Get to know my online courses on Udemy.

Spoiler: in 2021, there will be an API testing with Cypress course at the Talking About Testing school. Stay tuned!

Discussion (0)

pic
Editor guide

Read next

jamescryer profile image

Mocking components in Jest

James -

mhmdlotfy96 profile image

Testing a REST API in Node JS with Express using Mocha and Chai 😎

muhammed Lotfy -

jphutchins profile image

Update Python unittest with asyncio tests for aiohttp and more

J.P. Hutchins -

alxgrk profile image

TIL: Connecting to the host from Testcontainers

Alexander Girke -