Testing code with sensitive data

Tuesday, Sep 6, 2016
Categories: Developer
Tags: git, powershell, testing

I recently renewed work on my first-ever GitHub project. Over the course of a whole year when that project was dormant, I’d learned some new tricks. I now try to focus on writing tests for my projects. It is immensely convenient when I add features here and there and need to check the whole code for errors.

Anyways, my project requires API keys to imgur.com. However, I do not want to hard-code them into my test.py file. But I also do not want to manually provide keys every time I run tests. So what do I do?

If you develop on Windows, have you heard of our lord and savior PowerShell? PowerShell is a scripting environment (like cmd on steroids) akin to bash on Linux. I simply wrote a PS script that substitutes keys into test.py. Then it runs the file, and before exiting removes the API keys again. To illustrate:


# my tests

My script that looks for CLIENT_ID and CLIENT_SECRET and inserts API keys:

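$id = "SOME_ID"
$secret = "SOME_SECRET"
$file = "test.py"

# Read the key-free file once; $content keeps the original lines in memory
$content = Get-Content $file

try {
    # Fill the empty placeholders with the real keys and save the file
    $content -replace "CLIENT_ID = ''", "CLIENT_ID = '$id'" |
        % {$_.replace("CLIENT_SECRET = ''", "CLIENT_SECRET = '$secret'")} |
        Set-Content $file

    python $file
}
finally {
    # Runs even if the test run is interrupted with Ctrl+C.
    # $content is the key-free original, so this writes test.py back without the keys.
    $content -replace "CLIENT_ID = '$id'", "CLIENT_ID = ''" |
        % {$_.replace("CLIENT_SECRET = '$secret'", "CLIENT_SECRET = ''")} |
        Set-Content $file
}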

Immediately after the code is run (python $file), the file is restored to its initial state so I can upload it to GitHub safely.
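A check that can run before committing, as an added example that is not part of the original post: it parses test.py and reports any CLIENT_ID or CLIENT_SECRET assignment that is not an empty string, which is what would be left in the file if the restore step never ran. The script name check_keys.py and the function names are assumptions, and the sample inputs are constructed.

```python
"""Guard for the workflow above: fail if test.py still contains real keys."""
import ast
import sys

# Placeholder names from the post; they must be empty strings in committed code.
SECRET_NAMES = {"CLIENT_ID", "CLIENT_SECRET"}


def find_filled_secrets(source):
    """Return (line, name) for each secret placeholder assigned a non-empty value."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and target.id in SECRET_NAMES:
                value = node.value
                # Only the literal empty string counts as "no key present".
                empty = isinstance(value, ast.Constant) and value.value == ""
                if not empty:
                    hits.append((node.lineno, target.id))
    return sorted(hits)


def check_files(paths):
    """Check each file; return the number of files that still hold a key."""
    bad = 0
    for path in paths:
        with open(path, encoding="utf-8") as handle:
            hits = find_filled_secrets(handle.read())
        for line, name in hits:
            # Report only the location, never the value itself.
            print(f"{path}:{line}: {name} is not empty", file=sys.stderr)
        bad += bool(hits)
    return bad


# Constructed sample inputs (not real keys).
CLEAN = "CLIENT_ID = ''\nCLIENT_SECRET = ''\n# my tests\n"
LEAKED = "CLIENT_ID = 'abc123'\nCLIENT_SECRET = ''\n# my tests\n"

if __name__ == "__main__":
    # Usage: python check_keys.py test.py  (exit status 1 signals a leftover key)
    sys.exit(1 if check_files(sys.argv[1:] or ["test.py"]) else 0)
```

Because it parses the file instead of matching text, the check also catches double-quoted values and different spacing around the equals sign.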

If you already have some sensitive information uploaded to GitHub or in your git history, check out BFG. It is a tool that can purge files/replace text from git history permanently.