Simple password Encryption for Test Automation using Java

In this article we are going to discuss how to increase password security while doing automation testing using Selenium. There are times when you find that you need to add a secure password in your automation test cases. When you work as a team test scripts are shared among different people for review/discussion or you have a personal project which you want send to your friend for fixing a bug, but you don't want your secret password displayed in your code. There is a simple solution for that, Password encryption! In summary you want an encrypted value shown up in your scripts at the password field and you want to decrypt it in your way behind the scene, right? Java has a suitable package to achieve this. We will use the Java API for doing the encoding and I'll be showing you how to implement it in Selenium later on. So, you will be needing the Base64 package from Java API which is in the common Codec binary package. You need to import this package to your code and you are all set for the encoding.

Let's see an example to understand this in detail. Let's create a string str which can hold a random value which is "abcd1234". Let me try to encode this string and see that how it can be done. In Java, what you will need is the Base64 class and the method from this Base64 class, that is encodeBase64 method - which takes a byte array. But our input is a string variable. So, to convert this string into byte array let me call the string function that is "get byte" so this function has converted the appended string str into a byte array. The Base64 package encodes the byte data and stores this byte into an array. For future use I'm going to call the byte array encode. We have converted our string into an encrypted format and stored it into a variable. Let's print it out to see what it contains. The string before encoding is str and after encoding what we have is in the byte data format. We can convert it into string and display it using the print statement. The string format of byte code is YWJjZDEyMzQ=. It has been encrypted. The string before encoding is "abcd1234" which had four strings and after encoding we have a totally unrelated string.

This is how we do the encoding using the base class in Java. Now you can use this in any way you want in Selenium. Maybe, you can write the encoding function and a decoding function in your framework behind the scene and then in your test case you can just pass on those value encoded value and then return it back to the decoded function in the framework which will decode it and do whatever you want to do. Let's see an example to understand this better. I am going into the Facebook.com now and I don't want to to use my password directly in the test script. I will show you how to do it using our password encode method.

First, you need the string encoded password which you may get from an encode function(as shown in image 1) which can be added to your framework. Convert the output of encode operation into a string format and store it into a variable. Now you can put the encoded password directly in your test script so nobody can see the actual password from your test scripts but your job will be done. So, when you want to use that password what we'll do is that we'll just call a decode function. The decode function is also available in Java in the same Base64 package known as decodeBase64. The encoded password is a string. The decodeBase64 accepts a string and does the reverse of encode. It will decode and create the byte form of an encoded password input. We store it as a byte and later convert it into a string and provide it to a calling function using return. Later when Selenium locator for the password text field needs an input, use the output of the decode function.

Thus, in the Facebook login page you will get the same keys you are supposed to get, if you key enter the actual password which will eventually log you into your Facebook account. I hope this short article give you an insight into improving password security for your automation test cases, especially log in test cases.