Question about private parameters in the agent log

As one would expect I am setting username and password parameters as private.
But if I check the agent log on my HDD and I scroll through all the log lines, I can see in my login test my unencrypted password written in the logs.

Step #11/1 ‘Type {{(password)}} in {{Password }}’ in Test ‘Login’ ← Finished: Passed (Text typed)

It is not shown in the GUI logs, but I would also expect it to be omitted from the agent log.
Is it normal policy to show private parameters in the agent log?

So if I share my agent logs with support they have access to my username and password?

Hi @matthijs.risselada,
I believe you meant for ‘secret parameters’.
The show up this way in the logs {{***}} for security reasons.

@ran.ferdinaro
This is indeed what I want.
Thank you for your reply.
It seems I was confused.

@ran.ferdinaro
Quick follow-up question.
My username and password, together with other information, is stored (encrypted) in a json file.
As part of my login step I read said file and extract username and password.
I decode them and use them to login.
After reading the json, I store the Json array in a parameter, that I have just now made secret.
I did that because I do not want the content of that Json, with encrypted username and password, to show up in the logs.
But now this Retrieve JSON array from local file step is failing on a validation. The message is that [***], nice btw, does not contain the value expected.
But all the follow-up steps like retrieving password and username are working fine.
I understand that Json operations is an addon, but I am confused why the validation would fail, when the following steps proceed without issues.

@matthijs.risselada Please contact us at support@testproject.io so we can gather more info on this issue.

@ran.ferdinaro
Question.
I have a LoginTest
Step 5 and 6 are to decode the string that I got from my config Jason with username and password.
In the GUI log, looks good.


But then I check the agent log on my HDD.
Under C:\Users***\AppData\Roaming\TestProject\Agent\logs\ElTz8kKLrUKGpT330iG_mA\1
2022-04-11 09:19:34.269 ElTz8kKLrUKGpT330iG_mA_1 INFO pool-3-thread-4 i.t.a.m.d.k Step #5 in Test ‘Login’ → Started
2022-04-11 09:19:35.270 ElTz8kKLrUKGpT330iG_mA_1 INFO Thread-22 i.t.a.m.d.a.a Reporting result: String decoded successfully to: matthijs.risselada@[censored this myself]

So my decoded username is visible in the logs.
Even my decoded password is visible in the logs.
No *** or anything else.
Completely visible.
I donwgraded my agent to 3.4.2 at request for another issue.

When I downlod the agent logs, for example to send them to support, my username and password are visible.
The parameters are secret

What am I doing wrong?
What should I do to get the secret parameters also secret in the agent logs on my hdd?

Hi @matthijs.risselada,
Please reproduce the issue (without your real credentials) and send the logs to support@testproject.io

@matthijs.risselada I created a bug ticket for this issue.
Ticket number TP-17294
Our teams will investigate the ticket and will get back to you once it’s resolved.

1 Like