Skip to main content

Masked Settings

It is a common security practice to never log sensitive data. To support this practice, Gwen will hide all settings that you flag as "masked" by logging their values as ●●●●● in all logs, reports, error messages and console outputs.

Flagging masked settings#

To flag a setting as masked, append :masked to its defined name.

For example, to mask a custom property named user.password, define it as follows in your settings file:

  user.password\:masked = secret

Note: You will need to escape : as \: in properties files

Alternatively, you can pass a masked setting directly to the Gwen CLI as a system property if you don't wish to store it in a file:

-Duser.password:masked=secret

Using masked settings#

To use a masked setting, just reference it anywhere you need to using it's name (excluding the :masked suffix).

Example:

  When I enter "${user.password}" in the password field

When evaluated, the above will be logged as follows in all outputs:

  When I enter "●●●●●" in the password field
caution

It is your resposibility to enter sensitive data such as passwords into password protected fields to prevent them from being displayed in the browser.

Custom mask character#

You can change the default mask character from to another character of your choice by assigning it to the gwen.mask.char setting.