What can PHP-VCR users do to prevent passwords being saved? #174
Comments
|
@RichardBradley thanks for you concern about it. Currently there is no PR opened for it, the specific time for new feature comes after we clean all current issues and opened PR's. Of course you can open a PR to fix that for us and then I'll gladly check it! Are you willing to do this? I you want you can make some kind of encryption on the files and decrypt them in the CI environment, but it won't make the tests run the same for the other developers. I can also imagine you have some kind of shared API keys between the team members in the project? Like a test API or some other way to allow people to develop into it. Those are the things I can think now, I hope you can find a way! |
|
A nice way to do it might be to "scrub" any variables from requests that are found in .env and replace them with references to that |
|
One way is to add listener for the VCR::getEventDispatcher()->addListener(VCREvents::VCR_BEFORE_RECORD, array($this, 'cleanRequest'));The
public function cleanRequest(Event $event, $eventName)
{
$request = $event->getRequest();
// Do something with the request, like remove headers
}Hope this helps. |
|
Here's a quick and dirty solution that works for my use cases. |
|
For anyone searching for this, I've got a PR #344 submitted. Reviews/comments welcome. |
My API passwords are being saved to the "cassette" files by PHP-VCR.
This is a big problem for me, as I'd like to use PHP-VCR to help automate my tests, but I don't want to commit my API passwords to my source control.
The PHP-VCR website says:
... but I can't see an open issue tracking the implementation of this feature.
Thanks
The text was updated successfully, but these errors were encountered: