Skip to main content

Masked Settings

Since v2.48.0

It is a common security practice to never log sensitive data. To support this practice, Gwen will hide all settings that you flag as "masked" by logging their values as ***** in all logs, reports, error messages and console outputs.

Flagging masked settings

To flag a setting as masked, append :masked to its defined name.

For example, to mask a custom property named user.password, define it as follows in your settings file:

  user {
"password:masked" = "secret"
}

Alternatively, you can pass a masked setting directly to the Gwen CLI as a system property if you don't wish to store it in a file:

-Duser.password:masked=secret

Using masked settings

To use a masked setting, just reference it anywhere you need to using it's name (excluding the :masked suffix).

Example:

  When I enter "${user.password}" in the password field

When evaluated, the above will be logged as follows in all outputs:

  When I enter "*****" in the password field
Sample outputs

Console output

Example masked setting logged to console

HTML report output

Example masked setting logged to HTML report

caution

It is your resposibility to enter sensitive data such as passwords into password protected fields to prevent them from being displayed in the browser.

Custom mask character

You can change the default mask character from * to another character of your choice by assigning it to the gwen.mask.char setting.