You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, I have different JSON capabilities for starting Appium Session using Appium Inspector. For iOS applications on real device, we need to pass appium:xcodeOrgId and appium:xcodeSigningId as a session capability. Currently this is hard-coded in all the session capabilities and being repeated across all the sessions. This is not so nice when sharing these capabilities across different teams result in leakage of such secrets. There should be some way to hide or mask these capabilities values.
Suggested Solution
Ideally these secrets should not be visible in session capabilities, and there should be a way for Appium Inspector to read these values from environment variables.
Possible solution could look like:-
Passing these capabilities as appium:xcodeOrgId = {$XCODE_ORG_ID} where value within brace is treated as environment variable and loaded accordingly.
Or maybe we could add another dropdown option next to capability key that has option of environment variable for the type of capability and as value of this capability then we simply pass the name of environment variable.
Or alternatively there should be a way to store these secrets in Appium Inspector itself just like how tools like Postman allow user to store secrets and then use them in tool.
Additional Information
Additionally, a rather simple UI enhancement can be to have a checkmark next to such secrets capabilities that when checked masks the capability value.
The text was updated successfully, but these errors were encountered:
Btw, is the running appium server working remotely, or is the target appium server long-running process?
Actually, it depends on the usage but I think starting an appium server process with --default-capabilities instead of sending them over http/s is more secure in terms of setting secrets (and using --log-filters to mask them from the logs as well as #1702 (comment))
Current Behavior
Currently, I have different JSON capabilities for starting Appium Session using Appium Inspector. For iOS applications on real device, we need to pass appium:xcodeOrgId and appium:xcodeSigningId as a session capability. Currently this is hard-coded in all the session capabilities and being repeated across all the sessions. This is not so nice when sharing these capabilities across different teams result in leakage of such secrets. There should be some way to hide or mask these capabilities values.
Suggested Solution
Ideally these secrets should not be visible in session capabilities, and there should be a way for Appium Inspector to read these values from environment variables.
Possible solution could look like:-
Passing these capabilities as appium:xcodeOrgId = {$XCODE_ORG_ID} where value within brace is treated as environment variable and loaded accordingly.
Or maybe we could add another dropdown option next to capability key that has option of environment variable for the type of capability and as value of this capability then we simply pass the name of environment variable.
Or alternatively there should be a way to store these secrets in Appium Inspector itself just like how tools like Postman allow user to store secrets and then use them in tool.
Additional Information
Additionally, a rather simple UI enhancement can be to have a checkmark next to such secrets capabilities that when checked masks the capability value.
The text was updated successfully, but these errors were encountered: