Skip to main content

Automatic secret download from Azure Key Vault

If you want to enable this feature, you must set the following properties in your Pumpo5 configuration file:

azure.secrets.replace=true
azure.secrets.prefix="#{"
azure.secrets.suffix="}#"
azure.secrets.keyvault.url="https://vault-uri.vault.azure.net/"

Where azure.secrets.keyvault.url can be found in Azure Portal as Vault URI.

When you enable this, users running tests will be asked to authenticate with their Azure account using a device code:

AzureKeyVaultClient ====== AZURE KEY VAULT AUTHENTICATION REQUIRED ======
AzureKeyVaultClient Automatic secrets download from Azure is enabled
AzureKeyVaultClient To disable automatic secret downloads, update Pumpo5 configuration and set 'azure.secrets.replace' to false
AzureKeyVaultClient Log in at https://microsoft.com/devicelogin and enter the code: C6UXRB3AE
AzureKeyVaultClient =====================================================

After successful authentication, a file auth_record.json will be saved at the root of the project. This file doesn't contain any sensitive information, but it is used to store info about the user to allow for automatic re-authentication in the future.

To use secrets, simply add the secret name in the format #{secret-name}# to the config file (where #{ and }# are equal to what you set as prefix and suffix). Config will replace the secret on the fly with the actual value from Azure Key Vault.

For example, you config.conf

website.password="#{website-password}#"

azure.secrets.replace=true
azure.secrets.prefix="#{"
azure.secrets.suffix="}#"
azure.secrets.keyvault.url="https://vault-uri.vault.azure.net/"

And in your test, you can use the secret


    @Test
    public void websiteTest(Firefox0 webApplication) {
        var password = webApplication.getConfig().get("website.password"); // password is downloaded from azure key vault
        // ... rest of the test