Masked Settings

Since v2.48.0

It is a common security practice to never log sensitive data. To support this practice, Gwen will hide all settings that you flag as "masked" by logging their values as ***** in all logs, reports, error messages and console outputs.

Flagging masked settings

To flag a setting as masked, append :masked to its defined name.

For example, to access a password stored in an environemnt variable named USER_PASSOWRD, you can read it into a masked setting named user.password as follows:

.conf
.json
.properties

  user {
    "password:masked" = "${env.USER_PASSWORD}"
  }

  {
    "user": {
      "password:masked": "${env.USER_PASSWORD}"
    }
  }

  user.password\:masked = ${env.USER_PASSWORD}

Note: You will need to escape : as \: in properties files

Using masked settings

To use a masked setting, just reference it anywhere you need to using it's name (excluding the :masked suffix).

Example:

  When I enter "${user.password}" in the password field

When evaluated, the above will be logged as follows in all outputs:

  When I enter "*****" in the password field

Sample outputs

Console output

Example masked setting logged to console

HTML report output

Example masked setting logged to HTML report

caution

It is your resposibility to enter sensitive data such as passwords into password protected fields to prevent them from being displayed in the browser.

Custom mask character

You can change the default mask character from * to another character of your choice by assigning it to the gwen.mask.char setting.

Masked Settings

Flagging masked settings​

Using masked settings​

Custom mask character​

Flagging masked settings

Using masked settings

Custom mask character