Tradefed includes the concept of a keystore, where secrets can be stored in a keystore service and requested at test run time for use during the test.
Use a keystore
To use a keystore, you need to first define the source for the keystore in your global configuration.
Once done, you can then use the stored keys via: USE_KEYSTORE@{key}
JSONFileKeyStore
The sample implementation in Tradefed core uses a JSON keystore,
JSONFileKeyStoreClient. To use this keystore, you would define a JSON key file
that has key to value mappings.
For example, you could define a /path/to/keystore.json file as
{
"test_account": "foo@gmail.com",
"test_account_pwd": "helloworld",
"wifi_lab_ssid": "Google_private_AP",
"wifi_lab_pwd": "secret123",
}
Then you would add the following lines in your TF global configuration file:
<key_store class="com.android.tradefed.util.keystore.JSONFileKeyStoreFactory">
<option name="json-key-store-file" value="/path/to/keystore.json" />
</key_store>
When executing related tests, you can now pass in values as
USE_KEYSTORE@test_account, which TF will then query the keystore for and use
its value as part of the test.
Host-based keystore file
To define host-based key-value pairs, you may define a
/path/to/keystore_ssid.json file as
{
"host_a.*\\.corp\\.com": {
"wifi_lab_ssid": "ssid_a",
"wifi_lab_pwd": "secret_a"
},
"host_b.*\\.corp\\.com": {
"wifi_lab_ssid": "ssid_b",
"wifi_lab_pwd": "secret_b"
}
}
The key of an entry in the file is a regular expression (regex) pattern for the hostname and the value is the set of key-value pairs for any host with a matching hostname.
Then update your TF global configuration file to include the host-based keystore file:
<key_store class="com.android.tradefed.util.keystore.JSONFileKeyStoreFactory">
<option name="json-key-store-file" value="/path/to/keystore.json" />
<option name="host-based-key-store-file" value="/path/to/keystore-ssid.json" />
</key_store>
The value of a key defined in a host-based keystore file overrides that defined
in the keystore file specified with json-key-store-file.
When multiple host-based keystore files are present in the keystore, the order matters. If the value for a key is defined in multiple files, the value in the last such file overrides the rest.