A way to securely access passwords from unattended scripts.

Tell us what features would make LastPass even better and vote for features that are most important to you

Moderators: admin, anatoly_LP, chantieLP, JoeSiegrist, robyn

A way to securely access passwords from unattended scripts.

Postby ChuckvdL » Fri Dec 07, 2018 6:04 pm

So it's easy enough to use the API to enable access to credentials via lastpass in attended scripts (where the script runner gets prompted for their credentials) for the kind of things IT and DevOps does.

However, for QA purposes, in test automation we often need to access credentials to login to websites, access API's, etc in scripts that will be running un-attended (typically as part of build pipeline in a CI took, or run on a timed bases by a chron-job or CI tool. The last thing we want to do is persist those credentials in a script, or the config of the CI job, as lots of people may have access to the scripts, and CI system. This becomes especially important for scripts testing things like internal tools that can access private information about users or co-workers.

As the scripts run un-attended, it means there's not a way for a human to provide access to lastpass.. and of course persisting your master password in such a script would be like the height of stupidity. What's needed is a way to issue some kind of token that could be used to access either a single credential, or shared folder of credentials, and would be somehow locked down to a limited set of systems so that stealing the token is of little to no value.

(talk to your own QA/Dev folk who write things like UI level tests for web UI's, integration tests for REST API's etc, I expect this is a need they would have also.)

Is there a way to do this sort of thing with LastPass already? if not this would seem to be a good new feature for the enterprise level product
ChuckvdL
 
Posts: 2
Joined: Fri Dec 07, 2018 5:47 pm

Re: A way to securely access passwords from unattended scrip

Postby FlyingHawk » Fri Dec 07, 2018 10:24 pm

Why not just use a dummy test account?
FlyingHawk
 
Posts: 706
Joined: Wed Mar 18, 2015 12:04 pm

Re: A way to securely access passwords from unattended scrip

Postby ChuckvdL » Mon Dec 10, 2018 1:49 pm

Dummy test accounts work for some things, mostly for 'users' in a QA environment. Not so much if your script needs to access a database, services, etc. In those cases even a 'dummy' account could have access to a lot of information. In addition sometimes it's necessary to test against your production environment, where a 'dummy' account may still have a lot of system access depending on what sorts of things are being tested.
ChuckvdL
 
Posts: 2
Joined: Fri Dec 07, 2018 5:47 pm


Return to Feature Requests

Who is online

Users browsing this forum: No registered users and 23 guests