Testing Considerations

Encrypting Test Secrets

Auth configurations used for testing can be encrypted, allowing them to be safely version controlled. The outbound REST request tutorial is a good example of a test where the backend secrets for the restRequest processor would benefit from encryption.

When registering encrypted values in a test, they must be enclosed in ENC(), as shown in the following example:

ctx.addFlowTestConfig {
    authConfig(
        BACKEND_AUTHENTICATION_KEY, mapOf(
            "userName" to user,
            "password" to "ENC($encryptedPassword)"
        )
    )

    ...
}

Generating Encrypted Values

The example project includes a Maven profile configuration to automatically generate encrypted values. Run the following command from the IntelliJ terminal to encrypt a given value with a given key:

mvn -P encrypt-secret -D uhSecretsKey=<encryption key> -D uhSecretsValue=<value>

If you are using IntelliJ’s embedded version of Maven, you will need to press Command + Enter on macOS or Ctrl + Enter on other OSs to execute the mvn command.

After running the command, the terminal will print the following information:

[INFO] Building Utilihive Flow Developer Example Project 1.0.0-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- exec-maven-plugin:3.0.0:java (encrypt-secret) @ flow-developer-example-project ---

Encrypted value: H/gYxr6XwOtPRwPTJK1YMhlC/Ve4eGB/yfMV4M0wnz/fsZYGOK8DIk/W8sCyitqq

The "encrypted value" is the value that would be used in the test’s authConfig.

If you are not using the example project, you can still copy the same Maven profile config into your project or write your own encryption utility with the help of the SDK’s SecretsEncryptor object. For example:

val encryptedValue = SecretsEncryptor.encryptSecret("encryption key", "value")
println("Encrypted value: $encryptedValue")

Storing Encryption Keys

The flow-server still needs access to the original encryption key in order to decrypt the test credentials. The key can be stored in one of the following places, starting from most to least secure:

Location Description

Location	Description
Environment variable	Create an environment variable in your OS called `UH_SDK_SEC_ENC_KEY`. Note that IntelliJ will need to be restarted any time changes are made to environment variables.
Local file	Create a file located at `$HOME/utilihive/.uhSdkSecEncKey`, where the contents of the file are the key. The file should only be readable by the developer user.
Java system property	Run the Java process with a custom system property called `UH_SDK_SEC_ENC_KEY`.

Environment variable

Create an environment variable in your OS called UH_SDK_SEC_ENC_KEY. Note that IntelliJ will need to be restarted any time changes are made to environment variables.

Local file

Create a file located at $HOME/utilihive/.uhSdkSecEncKey, where the contents of the file are the key. The file should only be readable by the developer user.

Java system property

Run the Java process with a custom system property called UH_SDK_SEC_ENC_KEY.

You’ll know the flow-server has recognized the key if the terminal prints the following on startup:

10:37:54.411 [INFO] SdkServerManager - Starting Utilihive flow-server..
10:37:54.447 [INFO] SdkServerManager - Started with encryption key: true

If the flow-server was already running before an encryption key was added or updated, the server will need to be restarted for the new key to take effect. Refer to the section on Troubleshooting for help on how to manually shut down the server.

Was this page helpful?