Tokens

Tokens are a mechanism to pass configuration parameters to plugins securely and easily. The token mechanisms also enable data segregation. For example, the secret token allows you to store passwords in vaults. The framework reads the password and directly passes it to the respective plugin without exposing it to the test collections or any other plugin.

Supported Tokens

The following tokens are currently supported.

SECRET Token

Pass secrets to the plugin. The token is used to read a Key-Value secret from HashiCorp's Vault. Only version 2 secrets are supported. VAULT_ADDR and VAULT_TOKEN environment variables are used to get the address of the vault service and the token to be used for authenticating with it. For further details, please see the Vault Setup section.

Format:

secret://<engine name>.<key>.<field>

e.g. if we use secret://secret.ldap.password in the LDAP plugin actor configuration, then the framework would try reading the password from the vault under the LDAP path in the secret mount point. If successful, it would replace the token with the secret in the value field of params.

FILE Token

Pass file contents to the plugin.

Format:

file://<Path_to_file_including_the_file_name>

e.g., if we use file:///home/freddy/ca.cert, then the framework would try reading the file /home/abhispra/ca.cert and replace content in the configuration file before sharing it with the plugin.

ENV TOKEN

Pass the environment variable to the plugin.

Format:

env://<env variable name>

e.g., if we use env://LDAP1_URL, the framework would try reading the env variable LDAP1_URL and replace content in the configuration file before sharing it with the plugin.

Tokens

Supported Tokens​

SECRET Token​

FILE Token​

ENV TOKEN​

Supported Tokens

SECRET Token

FILE Token

ENV TOKEN