Vault

The vault logic is based on a simple Configuration Management logic that allows you to create:

  • SENSITIVE (protected) variables that can only be viewed by Editors, Admins or Owners

  • PLAINTEXT variables that can be viewed by all members of your team

You can use these variables to easily define test cases without having to remember sensitive keys (such as API keys for instance) and reference them into any Template, Test or Cron job.

The vault keys can be referenced as following:

${vault.your_key_name_here}

As you can see, it uses the same substitution logic as the one used for extracting/inserting worklow specific headers or responses into your test case, but having a specific name space in front of it -> vault.

Here’s how you would use a vault with the key name api_key_demo_rungutan as a header in your workflow:

"workflow": [
    {
        "path": "/v1/api/tests/list",
        "method": "POST",
        "data": "{\"team_id\":\"rungutan\"}",
        "headers": {
            "X-Api-Key": "${vault.api_key_demo_rungutan}",
            "content-type": "application/json"
        },
        "extract": [
            {
                "parameter_name": "testId",
                "location": "body",
                "key": "Tests.0.test_id"
            }
        ]
    }
]

You can attach vault configuration to the following properties:

  • “domain_name” -> both “PLAINTEXT” and “SENSITIVE” supported

  • “workflow.[].path” -> only “PLAINTEXT” supported

  • “workflow.[].data” -> both “PLAINTEXT” and “SENSITIVE” supported

  • “workflow.[].headers.{}” -> both “PLAINTEXT” and “SENSITIVE” supported

What does this mean?

Regardless of the vault key being “SENSITIVE” or “PLAINTEXT”, while in the Results page, any value mentioned in the worflow.[].path will be displayed in plaintext.

This is not affected in any way however if you’re using the workflow substitution logic in which you reuse a header/response value in the path.

TL;DR:

If this is a vault key that you defined for the path:

${vault.my_get_user_path} -> /api/user

And you extract the user like this in your workflow:

{
"path": "/api/users/list",
"method": "POST",
"headers": {
    "X-Api-Key": "${vault.api_key}",
    "content-type": "application/json"
},
"extract": [
    {
        "parameter_name": "userId",
        "location": "body",
        "key": "Users.0.user_id"
      }
]

Then a future path defined as so:

{
"path": "${vault.my_get_user_path}/${userId}"
}

Will be displayed like this:

{
"path": "/api/user/${userId}"
}

Permissions

Member role vs API call

List vault keys

Get value of plaintext key

Get value of sensitive key

Edit value

Remove value

Reader

True

True

False

False

False

Editor

True

True

True

True

True

Admin

True

True

True

True

True

Owner

True

True

True

True

True

List vault keys

Web

In order to view the vault keys on our platform, all you have to do is browse to the Vault page.

API call

The API call is:

curl -s \
    -d '{"team_id":"my-team"}' \
    -H "X-Api-Key: my_api_key" \
    -X POST \
    https://api.rungutan.com/v1/api/vault/list | jq . -r

{
  "Vault": [
    {
      "vault_id": "affa3935-f47d-48be-a962-ea8db156427c",
      "key_name": "team_id_sensitive",
      "key_value": "AQICAHhg2DTGq4d04KhIKvYrIwo+2ueH1AB7hOaIg91Ix0LryAEH5xqAQbqvaPXWfSymJlGmAAAAZjBkBgkqhkiG9w0BBwagVzBVAgEAMFAGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM/Nkm6mki78DEMCN3AgEQgCPQA3p5UYERbNv+ri3JJfGjEf9LKKtTHiwX2D/w5SxlpWxaQQ==",
      "key_storage_type": "SENSITIVE",
      "created_date": "2020-11-17T23:11:41Z",
      "updated_date": "2020-11-17T23:11:41Z"
    },
    {
      "vault_id": "9452edd1-668e-4e1c-bedc-20ebecf7471f",
      "key_name": "team_id_plaintext",
      "key_value": "rungutan",
      "key_storage_type": "PLAINTEXT",
      "created_date": "2020-11-17T23:11:24Z",
      "updated_date": "2020-11-17T23:11:24Z"
    }
  ]
}

You can also filter based on vault_id to get the summary for only that specific vault_id:

curl -s \
    -d '{"team_id":"my-team", "vault_id": "vault_id"}' \
    -H "X-Api-Key: my_api_key" \
    -X POST \
    https://api.rungutan.com/v1/api/vault/list | jq . -r

{
  "Vault": [
    {
      "vault_id": "affa3935-f47d-48be-a962-ea8db156427c",
      "key_name": "team_id_sensitive",
      "key_value": "AQICAHhg2DTGq4d04KhIKvYrIwo+2ueH1AB7hOaIg91Ix0LryAEH5xqAQbqvaPXWfSymJlGmAAAAZjBkBgkqhkiG9w0BBwagVzBVAgEAMFAGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM/Nkm6mki78DEMCN3AgEQgCPQA3p5UYERbNv+ri3JJfGjEf9LKKtTHiwX2D/w5SxlpWxaQQ==",
      "key_storage_type": "SENSITIVE",
      "created_date": "2020-11-17T23:11:41Z",
      "updated_date": "2020-11-17T23:11:41Z"
    }
  ]
}

CLI

List all vault keys:

$ rungutan vault list
{
  "Vault": [
    {
      "vault_id": "affa3935-f47d-48be-a962-ea8db156427c",
      "key_name": "team_id_sensitive",
      "key_value": "AQICAHhg2DTGq4d04KhIKvYrIwo+2ueH1AB7hOaIg91Ix0LryAEH5xqAQbqvaPXWfSymJlGmAAAAZjBkBgkqhkiG9w0BBwagVzBVAgEAMFAGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM/Nkm6mki78DEMCN3AgEQgCPQA3p5UYERbNv+ri3JJfGjEf9LKKtTHiwX2D/w5SxlpWxaQQ==",
      "key_storage_type": "SENSITIVE",
      "created_date": "2020-11-17T23:11:41Z",
      "updated_date": "2020-11-17T23:11:41Z"
    },
    {
      "vault_id": "9452edd1-668e-4e1c-bedc-20ebecf7471f",
      "key_name": "team_id_plaintext",
      "key_value": "rungutan",
      "key_storage_type": "PLAINTEXT",
      "created_date": "2020-11-17T23:11:24Z",
      "updated_date": "2020-11-17T23:11:24Z"
    }
  ]
}

Filter based on vault_id:

$ rungutan templates list --vault_id affa3935-f47d-48be-a962-ea8db156427c
{
  "Vault": [
    {
      "vault_id": "affa3935-f47d-48be-a962-ea8db156427c",
      "key_name": "team_id_sensitive",
      "key_value": "AQICAHhg2DTGq4d04KhIKvYrIwo+2ueH1AB7hOaIg91Ix0LryAEH5xqAQbqvaPXWfSymJlGmAAAAZjBkBgkqhkiG9w0BBwagVzBVAgEAMFAGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM/Nkm6mki78DEMCN3AgEQgCPQA3p5UYERbNv+ri3JJfGjEf9LKKtTHiwX2D/w5SxlpWxaQQ==",
      "key_storage_type": "SENSITIVE",
      "created_date": "2020-11-17T23:11:41Z",
      "updated_date": "2020-11-17T23:11:41Z"
    }
  ]
}

Add vault key

Web

In order to save add a new vault key, all you have to do is browse to the Vault page and click on the add new key button.

API call

The API call is:

curl -s \
    -d '{
        "key_storage_type": "SENSITIVE",
        "key_name": "my_new_key",
        "key_value": "my_value"
        }' \
    -H "X-Api-Key: my_api_key" \
    -X POST \
    https://api.rungutan.com/v1/api/vault/add | jq . -r

{
    "template_id": "some_template_id",
    "message": "Successfully created new vault key"
}

CLI

Start the test in the background:

$ rungutan vault add --key_storage_type SENSITIVE --key_name my_new_key --key_value my_value
{
    "message": "Successfully created new vault key"
}

Get vault key value

Web

In order to get the value of a vault key, all you have to do is browse to the Vault page and click on the Get value button for the respective key name.

API call

The API call is:

curl -s \
    -d '{
        "vault_id": "affa3935-f47d-48be-a962-ea8db156427c",
        "team_id": "my-team"
        }' \
    -H "X-Api-Key: my_api_key" \
    -X POST \
    https://api.rungutan.com/v1/api/vault/get | jq . -r

{
    "VaultKey": {
        "vault_id": "affa3935-f47d-48be-a962-ea8db156427c",
        "team_id": "rungutan",
        "key_storage_type": "SENSITIVE",
        "key_name": "team_id_sensitive",
        "key_value": "rungutan",
        "created_date": "2020-11-17T23:11:41Z",
        "updated_date": "2020-11-17T23:11:41Z"
    }
}

CLI

This is how you run the CLI:

$ rungutan vault get --vault_id affa3935-f47d-48be-a962-ea8db156427c
{
    "VaultKey": {
        "vault_id": "affa3935-f47d-48be-a962-ea8db156427c",
        "team_id": "rungutan",
        "key_storage_type": "SENSITIVE",
        "key_name": "team_id_sensitive",
        "key_value": "rungutan",
        "created_date": "2020-11-17T23:11:41Z",
        "updated_date": "2020-11-17T23:11:41Z"
    }
}

Remove key

Web

In order to remove a key, all you have to do is browse to the Vault page and click on the “Remove value” button.

API call

The API call is:

curl -s \
    -d '{
        "vault_id": "some_template_id",
        "team_id": "my-team"
        }' \
    -H "X-Api-Key: my_api_key" \
    -X POST \
    https://api.rungutan.com/v1/api/vault/remove | jq . -r

{
    "message": "Successfully deleted vault key"
}

CLI

Remove the template using the CLI:

$ rungutan vault remove --vault_id 61c8bc4b-e1b1-4fb5-bb24-d860bf79e460
{
    "message": "Successfully deleted vault key"
}