自 2025 年 3 月 27 日起,我们建议您使用 android-latest-release 而非 aosp-main 构建 AOSP 并为其做出贡献。如需了解详情,请参阅 AOSP 的变更。
使用密钥库存储密钥
使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
Tradefed 包含密钥库的概念,该概念是指可以将密钥存储在密钥库服务中,还可以在测试运行时请求密钥,以便在测试期间使用。
使用密钥库
若要使用密钥库,您需要先在全局配置中定义密钥库的源。
完成后,即可通过 USE_KEYSTORE@{key} 使用存储的密钥:
JSONFileKeyStore
Tradefed 核心中的实现示例使用了一个 JSON 密钥库,即 JSONFileKeyStoreClient。要使用此密钥库,您应定义一个包含键值映射的 JSON 密钥文件。
例如,您可以将 /path/to/keystore.json 文件定义为:
{
"test_account": "foo@gmail.com",
"test_account_pwd": "helloworld",
"wifi_lab_ssid": "Google_private_AP",
"wifi_lab_pwd": "secret123",
}
然后,您应在 TF 全局配置文件中添加以下行:
<key_store class="com.android.tradefed.util.keystore.JSONFileKeyStoreFactory">
<option name="json-key-store-file" value="/path/to/keystore.json" />
</key_store>
在执行相关测试时,您现在可以将值作为 USE_KEYSTORE@test_account 传入,TF 随后会从密钥库中查询该键,并将其值用作测试的一部分。
基于主机的密钥库文件
如需定义基于主机的键值对,您可以将 /path/to/keystore_ssid.json 文件定义为:
{
"host_a.*\\.corp\\.com": {
"wifi_lab_ssid": "ssid_a",
"wifi_lab_pwd": "secret_a"
},
"host_b.*\\.corp\\.com": {
"wifi_lab_ssid": "ssid_b",
"wifi_lab_pwd": "secret_b"
}
}
该文件中的条目的键是主机名的正则表达式 (regex) 模式,而值是任何具有匹配主机名的主机的键值对集。
然后,更新 TF 全局配置文件以包含基于主机的密钥库文件:
<key_store class="com.android.tradefed.util.keystore.JSONFileKeyStoreFactory">
<option name="json-key-store-file" value="/path/to/keystore.json" />
<option name="host-based-key-store-file" value="/path/to/keystore-ssid.json" />
</key_store>
在基于主机的密钥库文件中定义的键会替换在 json-key-store-file 指定的密钥库文件中定义的密钥的值。
当密钥库中存在多个基于主机的密钥库文件时,顺序很重要。如果某个文件的值已在多个文件中定义,则最后一个文件中的值将替换余下的值。
本页面上的内容和代码示例受内容许可部分所述许可的限制。Java 和 OpenJDK 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2025-03-26。
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["没有我需要的信息","missingTheInformationINeed","thumb-down"],["太复杂/步骤太多","tooComplicatedTooManySteps","thumb-down"],["内容需要更新","outOfDate","thumb-down"],["翻译问题","translationIssue","thumb-down"],["示例/代码问题","samplesCodeIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-03-26。"],[],[],null,["# Store secrets with keystore\n\nTradefed includes the concept of a [keystore](/docs/security/features/keystore),\nwhere secrets can be stored in a keystore service and requested at test run time\nfor use during the test.\n\nUse a keystore\n--------------\n\nTo use a keystore, you need to first define the source for the keystore in\nyour [global\nconfiguration](/docs/core/tests/tradefed/architecture/advanced/global-config).\n\nOnce done, you can then use the stored keys via: `USE_KEYSTORE@{key}`\n\nJSONFileKeyStore\n----------------\n\nThe sample implementation in Tradefed core uses a JSON keystore,\n`JSONFileKeyStoreClient`. To use this keystore, you would define a JSON key file\nthat has key to value mappings.\n\nFor example, you could define a `/path/to/keystore.json` file as \n\n {\n \"test_account\": \"foo@gmail.com\",\n \"test_account_pwd\": \"helloworld\",\n \"wifi_lab_ssid\": \"Google_private_AP\",\n \"wifi_lab_pwd\": \"secret123\",\n }\n\nThen you would add the following lines in your TF global configuration file: \n\n \u003ckey_store class=\"com.android.tradefed.util.keystore.JSONFileKeyStoreFactory\"\u003e\n \u003coption name=\"json-key-store-file\" value=\"/path/to/keystore.json\" /\u003e\n \u003c/key_store\u003e\n\nWhen executing related tests, you can now pass in values as\n`USE_KEYSTORE@test_account`, which TF will then query the keystore for and use\nits value as part of the test.\n\nHost-based keystore file\n------------------------\n\nTo define host-based key-value pairs, you may define a\n`/path/to/keystore_ssid.json` file as \n\n {\n \"host_a.*\\\\.corp\\\\.com\": {\n \"wifi_lab_ssid\": \"ssid_a\",\n \"wifi_lab_pwd\": \"secret_a\"\n },\n \"host_b.*\\\\.corp\\\\.com\": {\n \"wifi_lab_ssid\": \"ssid_b\",\n \"wifi_lab_pwd\": \"secret_b\"\n }\n }\n\nThe key of an entry in the file is a regular expression (regex) pattern for the\nhostname and the value is the set of key-value pairs for any host with a\nmatching hostname.\n\nThen update your TF global configuration file to include the host-based keystore\nfile: \n\n \u003ckey_store class=\"com.android.tradefed.util.keystore.JSONFileKeyStoreFactory\"\u003e\n \u003coption name=\"json-key-store-file\" value=\"/path/to/keystore.json\" /\u003e\n \u003coption name=\"host-based-key-store-file\" value=\"/path/to/keystore-ssid.json\" /\u003e\n \u003c/key_store\u003e\n\nThe value of a key defined in a host-based keystore file overrides that defined\nin the keystore file specified with `json-key-store-file`.\n\nWhen multiple host-based keystore files are present in the keystore, the order\nmatters. If the value for a key is defined in multiple files, the value in the\nlast such file overrides the rest."]]
