One concept that doesn’t always come to mind when we think of automated application testing is secrets management. That being said, proper secrets management helps drive an effective automated testing strategy by increasing parity between environments and enabling easy and secure access to application infrastructure and related services. Keep reading for a deeper dive into the impact of secrets management on test automation.
The Value of Automated Testing
First, let’s consider the ways in which automated testing can impact the development team’s ability to produce a high-quality product. Some of the major benefits are:
- Automated testing increases the speed at which application testing is completed – Manual testing is performed via a manual process, and it’s no secret that repeating a manual process can take an excessive amount of time. In contrast, automated tests can be executed repeatedly and much more rapidly than their manual counterparts. Therefore, an automated testing strategy dramatically increases the speed at which application testing is completed.
- Automated testing saves time for development and testing personnel – In addition to the fact that scripts simply run faster when automated, the fact that developers and testing personnel do not have to intervene manually also saves their time. By automating your testing process, developers and test engineers will no longer need to manually test functionality on a repeated basis to ensure quality. Instead, they can focus their efforts on innovating or improving processes such as expanding test coverage.
- Automated testing increases test coverage – With the additional time afforded to developers and test engineers by the implementation of an automated testing strategy, they can make a targeted effort to write additional test scripts to help increase test coverage. And since automated tests can be run efficiently and on a repeatable basis, large test sets covering a large percentage of application functionality can be executed with each application build, making it easier than ever to verify application quality before deploying.
- Automated testing limits the impact of human error – Human error is hard to avoid when processes are performed manually. And human error in application testing can derail application quality. For example, when manually testing an application feature, you always run the risk that functionality that was “verified” by a manual tester may actually be broken. Automated testing helps eliminate this risk by ensuring that all test scripts will behave in the same manner each time they are executed.
Now that we have explained the value of automated testing, let’s dig into the ways in which secrets management can help support a strategy of test automation.
The Impact of Effective Secrets Management on an Automated Testing Strategy
Parity (or sameness) between environments is critical for ensuring that your application performs the same in production as it does in a test environment. In other words, your test environment must be as close as possible to your production environment so that the automated test scripts can be considered reliable in their verification of functionality. In order to maintain parity across environments, DevOps teams typically leverage tools for automated configuration management (such as Ansible and Chef) to spin up and manage environments that are identical to one another. These configuration scripts often require secrets in order to gain access to various portions of the application infrastructure. And, as we know, a proper secrets management strategy is essential for ensuring that these secrets are kept secure.
One can make the case that just about every feature within an application should have automated test scripts to validate its functionality. With that said, not all features are simple to test. Some features, for instance, must communicate with other systems in order to be tested effectively. For example, consider an application feature that needs to make calls via an API to retrieve information for processing. In this case, an API key enables the application to have secure access to the service. Therefore, in order to develop automated test scripts that can truly validate the functionality of such a feature, the organization must have a mechanism in place for effectively and securely sharing the API key in the test environment.
This is just one example, but the overarching theme is that secrets management allows an organization to grant test engineers secure access to the portions of the application infrastructure necessary for writing and executing automated tests that thoroughly test the application. As always, keep in mind that doing this properly will require an effective secrets management strategy likely involving a secrets manager such as Conjur from CyberArk.
Putting It All Together
Ensuring application quality means ensuring stability. And automated testing plays a crucial role in maintaining application quality as an application evolves. As mentioned above, testing an application in a practical way requires that the test environment be identical to the production environment. It also means granting test engineers access to all portions of the application infrastructure that are necessary for testing features effectively. These requirements can be met with greater ease when employing an effective secrets management strategy.
Join the Conversation on the CyberArk Commons
If you’re interested in this and other open source content, join the conversation on the CyberArk Commons Community. Secretless Broker, Conjur and other open source projects are a part of the CyberArk Commons Community, an open community dedicated to developers, engineers, cybersecurity researchers and other technically minded people. To discuss Kubernetes, Secretless Broker, Conjur, or CyberArk Threat Research, join me on the CyberArk Commons discussion forum.
Scott Fitzpatrick is a Fixate IO Contributor and has 8 years of experience in software development. He has worked with many languages and frameworks, including Java, ColdFusion, HTML/CSS, JavaScript and SQL.