Path: csiph.com!newsfeed.hal-mli.net!feeder3.hal-mli.net!news.stack.nl!newsfeed.xs4all.nl!newsfeed1a.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.004 X-Spam-Evidence: '*H*': 0.99; '*S*': 0.00; 'subject:: [': 0.04; '21,': 0.07; 'dev': 0.07; 'contexts': 0.09; 'cc:addr:python-list': 0.11; 'stored': 0.12; '(both': 0.16; 'accepts': 0.16; 'for,': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'happily': 0.16; 'subject:credentials': 0.16; 'vpn': 0.16; 'zeroes': 0.16; 'wrote:': 0.18; 'obviously': 0.18; 'subject:] ': 0.20; 'machine': 0.22; 'tests': 0.22; 'cc:addr:python.org': 0.22; '(such': 0.24; 'pre': 0.24; 'mon,': 0.24; '(or': 0.24; 'cc:2**0': 0.24; "i've": 0.25; 'source': 0.25; 'header:In-Reply-To:1': 0.27; 'am,': 0.29; 'message-id:@mail.gmail.com': 0.30; 'code': 0.31; 'credentials': 0.31; 'equivalent.': 0.31; 'file': 0.32; 'option': 0.32; 'another': 0.32; 'test': 0.35; 'received:google.com': 0.35; 'done': 0.36; 'subject:?': 0.36; 'server': 0.38; 'needed': 0.38; 'whatever': 0.38; 'how': 0.40; 'control)': 0.84; 'mock': 0.84; 'subject:Testing': 0.84; 'aws': 0.91; 'encrypted': 0.91; 'these.': 0.91; 'to:none': 0.92 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type; bh=yA75nF7PQOC5I3I4acHW9GTh9A+/K76iLzrhql8rjg0=; b=mv7e1h0fpLvzPNaqM26k3KmG9DA79FlazQVCtqS/GnN8Qzo89mT/e+Aou4Bw87pK1L 3ygr5tbIixzYe8nT5ApOE0uzzrBhDP+JYanzYiYhVqe6FhJtMnmuWGeCEz6AfMbiYONm +g4EF6kpuAj9JZZL/P8z4Hn4CNnrriXgX81dqYrpNbxrCQeI+Qoz2dqtbsJKNkkzFnu2 SKR5q4WqKjslcQsx3xr/ZM9YKMX/5IUE+mD4SuLnmRQ/DQhbnkx7pNhjKBrKASrhmjis n0k42Vxko/Yz24v/EBdOj1pbQ5xxI+LKgBvfGyzji6TbLTd86hx9aSY7rbU03xvLUJag R6Kg== MIME-Version: 1.0 X-Received: by 10.220.4.132 with SMTP id 4mr26617337vcr.9.1398012324852; Sun, 20 Apr 2014 09:45:24 -0700 (PDT) In-Reply-To: <267e12d3-ea01-4886-bfa7-5c7270adbe92@googlegroups.com> References: <267e12d3-ea01-4886-bfa7-5c7270adbe92@googlegroups.com> Date: Mon, 21 Apr 2014 02:45:24 +1000 Subject: Re: [OT] Testing and credentials best practices? From: Chris Angelico Cc: "python-list@python.org" Content-Type: text/plain; charset=UTF-8 X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 15 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1398012333 news.xs4all.nl 2830 [2001:888:2000:d::a6]:41786 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:70421 On Mon, Apr 21, 2014 at 2:36 AM, Miki Tebeka wrote: > How do you deal with tests (both on dev machine and Jenkins) that need credentials (such as AWS keys)?. I know of the following methods: > > 1. Test user with known (stored in source control) limited credentials > 2. ~/.secrets (or any other known location) RC file which is not in source control > 3. Credentials service (such as ZooKeeper) accessed only from VPN > 4. Credentials pre user encrypted (gpg) and stored in source control I've done several of these. Another option that may work in some contexts is to mock the test altogether; have a server that simulates whatever you needed credentials for, and accepts a key of all zeroes or equivalent. Obviously that key can happily go into the source code :) ChrisA