Store Secrets with Keystore

Tradefed includes the concept of keystore, where secrets can be stored in a keystore service and requested at test run time for use during the test.

How to use the keystore

To use the keystore, you need to first define the source for the keystore in your global configuration.

Once done, you can then use the stored keys via: USE_KEYSTORE@{key}


The sample implementation in Tradefed core uses a JSON keystore, JSONFileKeyStoreClient. To use this keystore, you would define a JSON key file that has key to value mappings.

For example, you could define a /path/to/keystore.json file as

  "test_account": "",
  "test_account_pwd": "helloworld",
  "wifi_lab_ssid": "Google_private_AP",
  "wifi_lab_pwd": "secret123",

Then you would add the following lines in your TF global configuration file:

<key_store class="">
<option name="json-key-store-file" value="/path/to/keystore.json" />

When executing related tests, you can now pass in values as USE_KEYSTORE@test_account, which TF will then query the keystore for and use its value as part of the test.