Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feature request: Use Environment variables for secrets capabilities #1702

Open
itkhanz opened this issue Sep 19, 2024 · 3 comments
Open

feature request: Use Environment variables for secrets capabilities #1702

itkhanz opened this issue Sep 19, 2024 · 3 comments
Labels
enhancement New feature or request

Comments

@itkhanz
Copy link

itkhanz commented Sep 19, 2024

Current Behavior

Currently, I have different JSON capabilities for starting Appium Session using Appium Inspector. For iOS applications on real device, we need to pass appium:xcodeOrgId and appium:xcodeSigningId as a session capability. Currently this is hard-coded in all the session capabilities and being repeated across all the sessions. This is not so nice when sharing these capabilities across different teams result in leakage of such secrets. There should be some way to hide or mask these capabilities values.

Suggested Solution

Ideally these secrets should not be visible in session capabilities, and there should be a way for Appium Inspector to read these values from environment variables.
Possible solution could look like:-

Passing these capabilities as appium:xcodeOrgId = {$XCODE_ORG_ID} where value within brace is treated as environment variable and loaded accordingly.

Or maybe we could add another dropdown option next to capability key that has option of environment variable for the type of capability and as value of this capability then we simply pass the name of environment variable.

Or alternatively there should be a way to store these secrets in Appium Inspector itself just like how tools like Postman allow user to store secrets and then use them in tool.

Additional Information

Additionally, a rather simple UI enhancement can be to have a checkmark next to such secrets capabilities that when checked masks the capability value.

@itkhanz itkhanz added the enhancement New feature or request label Sep 19, 2024
@eglitise
Copy link
Collaborator

I like this idea, though this information will not be hidden from the Appium server logs (unless the server is explicitly instructed to hide it). It would still make it safer to share such capabilities, though.

@saikrishna321
Copy link
Member

@eglitise FYI

@saikrishna321 @SrinivasanTarget will pick this.

@KazuCocoa
Copy link
Member

Btw, is the running appium server working remotely, or is the target appium server long-running process?

Actually, it depends on the usage but I think starting an appium server process with --default-capabilities instead of sending them over http/s is more secure in terms of setting secrets (and using --log-filters to mask them from the logs as well as #1702 (comment))

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

4 participants