Vault¶
The vault logic is based on a simple Configuration Management logic that allows you to create:
SENSITIVE (protected) variables that can only be viewed by Editors, Admins or Owners
PLAINTEXT variables that can be viewed by all members of your team
You can use these variables to easily define test cases without having to remember sensitive keys (such as API keys for instance) and reference them into any Template, Test or Cron job.
The vault keys can be referenced as following:
${vault.your_key_name_here}
As you can see, it uses the same substitution logic as the one used for extracting/inserting worklow specific headers or responses into your test case, but having a specific name space in front of it -> vault.
Here’s how you would use a vault with the key name api_key_demo_rungutan as a header in your workflow:
"workflow": [
{
"path": "/v1/api/tests/list",
"method": "POST",
"data": "{\"team_id\":\"rungutan\"}",
"headers": {
"X-Api-Key": "${vault.api_key_demo_rungutan}",
"content-type": "application/json"
},
"extract": [
{
"parameter_name": "testId",
"location": "body",
"key": "Tests.0.test_id"
}
]
}
]
You can attach vault configuration to the following properties:
“workflow.[].path” -> only “PLAINTEXT” supported
“workflow.[].data” -> both “PLAINTEXT” and “SENSITIVE” supported
“workflow.[].headers.{}” -> both “PLAINTEXT” and “SENSITIVE” supported
What does this mean?
Regardless of the vault key being “SENSITIVE” or “PLAINTEXT”, while in the Results page, any value mentioned in the worflow.[].path will be displayed in plaintext.
This is not affected in any way however if you’re using the workflow substitution logic in which you reuse a header/response value in the path.
TL;DR:
If this is a vault key that you defined for the path:
${vault.my_get_user_path} -> /api/user
And you extract the user like this in your workflow:
{
"path": "/api/users/list",
"method": "POST",
"headers": {
"X-Api-Key": "${vault.api_key}",
"content-type": "application/json"
},
"extract": [
{
"parameter_name": "userId",
"location": "body",
"key": "Users.0.user_id"
}
]
Then a future path defined as so:
{
"path": "${vault.my_get_user_path}/${userId}"
}
Will be displayed like this:
{
"path": "/api/user/${userId}"
}
Permissions¶
Member role vs API call |
List vault keys |
Get value of plaintext key |
Get value of sensitive key |
Edit value |
Remove value |
|---|---|---|---|---|---|
Reader |
True |
True |
False |
False |
False |
Editor |
True |
True |
True |
True |
True |
Admin |
True |
True |
True |
True |
True |
AdminWithBilling |
True |
True |
True |
True |
True |
Owner |
True |
True |
True |
True |
True |
List vault keys¶
Web¶
In order to view the vault keys on our platform, all you have to do is browse to the Vault page.
API call¶
The API call is:
curl -s \
-d '{"team_id":"my-team"}' \
-H "X-Api-Key: my_api_key" \
-X POST \
https://app.rungutan.com/v1/api/vault/list | jq . -r
{
"Vault": [
{
"vault_id": "affa3935-f47d-48be-a962-ea8db156427c",
"key_name": "team_id_sensitive",
"key_value": "AQICAHhg2DTGq4d04KhIKvYrIwo+2ueH1AB7hOaIg91Ix0LryAEH5xqAQbqvaPXWfSymJlGmAAAAZjBkBgkqhkiG9w0BBwagVzBVAgEAMFAGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM/Nkm6mki78DEMCN3AgEQgCPQA3p5UYERbNv+ri3JJfGjEf9LKKtTHiwX2D/w5SxlpWxaQQ==",
"key_storage_type": "SENSITIVE",
"created_date": "2020-11-17T23:11:41Z",
"updated_date": "2020-11-17T23:11:41Z"
},
{
"vault_id": "9452edd1-668e-4e1c-bedc-20ebecf7471f",
"key_name": "team_id_plaintext",
"key_value": "rungutan",
"key_storage_type": "PLAINTEXT",
"created_date": "2020-11-17T23:11:24Z",
"updated_date": "2020-11-17T23:11:24Z"
}
]
}
You can also filter based on vault_id to get the summary for only that specific vault_id:
curl -s \
-d '{"team_id":"my-team", "vault_id": "vault_id"}' \
-H "X-Api-Key: my_api_key" \
-X POST \
https://app.rungutan.com/v1/api/vault/list | jq . -r
{
"Vault": [
{
"vault_id": "affa3935-f47d-48be-a962-ea8db156427c",
"key_name": "team_id_sensitive",
"key_value": "AQICAHhg2DTGq4d04KhIKvYrIwo+2ueH1AB7hOaIg91Ix0LryAEH5xqAQbqvaPXWfSymJlGmAAAAZjBkBgkqhkiG9w0BBwagVzBVAgEAMFAGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM/Nkm6mki78DEMCN3AgEQgCPQA3p5UYERbNv+ri3JJfGjEf9LKKtTHiwX2D/w5SxlpWxaQQ==",
"key_storage_type": "SENSITIVE",
"created_date": "2020-11-17T23:11:41Z",
"updated_date": "2020-11-17T23:11:41Z"
}
]
}
CLI¶
List all vault keys:
$ rungutan vault list
{
"Vault": [
{
"vault_id": "affa3935-f47d-48be-a962-ea8db156427c",
"key_name": "team_id_sensitive",
"key_value": "AQICAHhg2DTGq4d04KhIKvYrIwo+2ueH1AB7hOaIg91Ix0LryAEH5xqAQbqvaPXWfSymJlGmAAAAZjBkBgkqhkiG9w0BBwagVzBVAgEAMFAGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM/Nkm6mki78DEMCN3AgEQgCPQA3p5UYERbNv+ri3JJfGjEf9LKKtTHiwX2D/w5SxlpWxaQQ==",
"key_storage_type": "SENSITIVE",
"created_date": "2020-11-17T23:11:41Z",
"updated_date": "2020-11-17T23:11:41Z"
},
{
"vault_id": "9452edd1-668e-4e1c-bedc-20ebecf7471f",
"key_name": "team_id_plaintext",
"key_value": "rungutan",
"key_storage_type": "PLAINTEXT",
"created_date": "2020-11-17T23:11:24Z",
"updated_date": "2020-11-17T23:11:24Z"
}
]
}
Filter based on vault_id:
$ rungutan vault list --vault_id affa3935-f47d-48be-a962-ea8db156427c
{
"Vault": [
{
"vault_id": "affa3935-f47d-48be-a962-ea8db156427c",
"key_name": "team_id_sensitive",
"key_value": "AQICAHhg2DTGq4d04KhIKvYrIwo+2ueH1AB7hOaIg91Ix0LryAEH5xqAQbqvaPXWfSymJlGmAAAAZjBkBgkqhkiG9w0BBwagVzBVAgEAMFAGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM/Nkm6mki78DEMCN3AgEQgCPQA3p5UYERbNv+ri3JJfGjEf9LKKtTHiwX2D/w5SxlpWxaQQ==",
"key_storage_type": "SENSITIVE",
"created_date": "2020-11-17T23:11:41Z",
"updated_date": "2020-11-17T23:11:41Z"
}
]
}
Add vault key¶
Web¶
In order to save add a new vault key, all you have to do is browse to the Vault page and click on the add new key button.
API call¶
The API call is:
curl -s \
-d '{
"key_storage_type": "SENSITIVE",
"key_name": "my_new_key",
"key_value": "my_value"
}' \
-H "X-Api-Key: my_api_key" \
-X POST \
https://app.rungutan.com/v1/api/vault/add | jq . -r
{
"template_id": "some_template_id",
"message": "Successfully created new vault key"
}
CLI¶
Start the test in the background:
$ rungutan vault add --key_storage_type SENSITIVE --key_name my_new_key --key_value my_value
{
"message": "Successfully created new vault key"
}
Get vault key value¶
Web¶
In order to get the value of a vault key, all you have to do is browse to the Vault page and click on the Get value button for the respective key name.
API call¶
The API call is:
curl -s \
-d '{
"vault_id": "affa3935-f47d-48be-a962-ea8db156427c",
"team_id": "my-team"
}' \
-H "X-Api-Key: my_api_key" \
-X POST \
https://app.rungutan.com/v1/api/vault/get | jq . -r
{
"VaultKey": {
"vault_id": "affa3935-f47d-48be-a962-ea8db156427c",
"team_id": "rungutan",
"key_storage_type": "SENSITIVE",
"key_name": "team_id_sensitive",
"key_value": "rungutan",
"created_date": "2020-11-17T23:11:41Z",
"updated_date": "2020-11-17T23:11:41Z"
}
}
CLI¶
This is how you run the CLI:
$ rungutan vault get --vault_id affa3935-f47d-48be-a962-ea8db156427c
{
"VaultKey": {
"vault_id": "affa3935-f47d-48be-a962-ea8db156427c",
"team_id": "rungutan",
"key_storage_type": "SENSITIVE",
"key_name": "team_id_sensitive",
"key_value": "rungutan",
"created_date": "2020-11-17T23:11:41Z",
"updated_date": "2020-11-17T23:11:41Z"
}
}
Remove key¶
Web¶
In order to remove a key, all you have to do is browse to the Vault page and click on the “Remove value” button.
API call¶
The API call is:
curl -s \
-d '{
"vault_id": "some_template_id",
"team_id": "my-team"
}' \
-H "X-Api-Key: my_api_key" \
-X POST \
https://app.rungutan.com/v1/api/vault/remove | jq . -r
{
"message": "Successfully deleted vault key"
}
CLI¶
Remove the template using the CLI:
$ rungutan vault remove --vault_id 61c8bc4b-e1b1-4fb5-bb24-d860bf79e460
{
"message": "Successfully deleted vault key"
}