I am trying to find the safest and best way to save and read a password or sensitive data for use in a Selenium test automation written in C#.
Requirements:
- Password is not allowed to be visible in the code or any file by only opening it.
- Co-workers should be able to use it without putting too much work into making it run (KeePass would work, as the users need 2 files (key and key-database) to read the password).
- We use Bitbucket to upload the solutions or branches. Bitbucket runs all the code, even the tests without the need of Visual Studio (SonarQube and so on). We can upload the .key files (for example from KeePass) to decrypt the passwords.
Methods I found:
Encryption and Decryption: I'd say it's the most common method. This isn't something the company wants to use, as it's too easy to decrypt a ciphertext when the encryption method is known.
Environment Variables: Seems to be safe. The sensitive data is stored in the Windows environment variables and you can use it only locally. The problem is co-workers need to add the variables in Windows and we use Bitbucket to upload our solutions onto the server in which we can start the automation tests without using Visual Studio. Not sure if this would be possible.
KeePass: Seems to be the safest way. The user needs 2 files (Database.key and Database.kdbx) to access the passwords. But there's only one question which could help me to set up KeePass in C#. But there are NuGet packages in Visual Studio for KeePass.
Cryptography (symmetric algorithms): A Microsoft video about different kinds of cryptography in .NET Core mentioned the symmetric algorithm, which seems to work similar to KeePass. To decrypt ciphertext the users need a secret key. Not sure if I can use this.
Take a look at the ProtectedData class, which is a wrapper around Windows DPAPI (Data Protection API). It can be used to encrypt data per Windows user[1], so other users can't decrypt it. Obviously, if somebody can log in as the same Windows user (who encrypted the data through DPAPI), they can decrypt the data by just asking DPAPI to do it for them. But if you trust the Windows user and he/she is not breached (at which point you probably have bigger problems), this should be a decent solution for testing.
EDIT: I'm not sure how this would work under bitbucket. I'll leave the answer here in case somebody finds it helpful...
[1] DataProtectionScope.CurrentUser
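Added example (not code from the question or the answer) of the ProtectedData approach the answer describes, including the case the EDIT is unsure about: a blob written under one Windows account cannot be read by another account, such as a build agent, and Unprotect throws CryptographicException there. It assumes Windows, .NET Framework or the System.Security.Cryptography.ProtectedData package on .NET Core/.NET 5+, and an illustrative file name and entropy value.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the question or answer). Assumes Windows and, on
// .NET Core/.NET 5+, the System.Security.Cryptography.ProtectedData package.
// File name and entropy string are illustrative.
public static class DpapiSecretStore
{
    // Optional entropy: must be passed identically to Unprotect. It scopes the
    // blob to this application; it is not a substitute for the user's DPAPI key.
    private static readonly byte[] Entropy = Encoding.UTF8.GetBytes("selenium-tests-v1");

    // Encrypts the secret so only the same Windows user on this machine can read it.
    public static void Save(string path, string secret)
    {
        byte[] plain = Encoding.UTF8.GetBytes(secret);
        try { File.WriteAllBytes(path, ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser)); }
        finally { Array.Clear(plain, 0, plain.Length); } // drop the plaintext copy promptly
    }

    // Throws CryptographicException when another account or machine opens the blob.
    public static string Load(string path)
    {
        byte[] plain = ProtectedData.Unprotect(File.ReadAllBytes(path), Entropy, DataProtectionScope.CurrentUser);
        try { return Encoding.UTF8.GetString(plain); }
        finally { Array.Clear(plain, 0, plain.Length); }
    }

    public static void Main()
    {
        string path = Path.Combine(AppContext.BaseDirectory, "test-password.bin");
        if (!File.Exists(path))
            Save(path, "example-only-password"); // constructed sample; one-time setup per user/machine

        try
        {
            string password = Load(path);
            Console.WriteLine($"Recovered {password.Length} characters for the current Windows user.");
        }
        catch (CryptographicException ex)
        {
            // A build agent running as a different account lands here, not in the success path.
            Console.WriteLine($"Cannot decrypt under this account: {ex.Message}");
        }
    }
}
```

The .bin file can be committed or copied freely since it is only decryptable by the account that created it; each co-worker and the Bitbucket agent account would have to run the one-time Save step themselves.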