Testing Inertia with Dusk
This episode is for members only

Sign up to access "Testing Inertia with Dusk" right now.

Get started
Already a member? Sign in to continue
Playing
21. Storing secrets securely

Episodes

0%
Your progress
  • Total: 2h 53m
  • Played: 0m
  • Remaining: 2h 53m
Join or sign in to track your progress

Transcript

00:00
We've already established that having secret keys within your env files for our dusk environment and committing them to a repository is not a great idea. Now because we now have a real working
00:12
example of using say a third-party API key we're going to use this some secret value and write a test to make sure we can see this on the page and then we're going to push this up to github actions and set the secret key secretly and genuinely secretly within github actions. Okay so to demonstrate this I'm going to come over to the dashboard and I'm going to output this value
00:36
in here so let's say secret key and we're going to have the secret key over on our dashboard. Now obviously you wouldn't do this but really we're just getting to the point where we want to be able to see this secret key somewhere and I'm not actually going to do that in the title I'm going to do that down here so let's say secret key and x and we will output this here. Okay so over in
00:59
our web roots let's find our dashboard just here and let's go ahead and pass this down. Now just for the sake of keeping with good practice here I'm going to create a config file out for this so let's go into config and we'll just create a file in here called secret.php and let's go ahead and return our secret key in here so let's say key and we'll pull this from our env file. It's always
01:24
a good idea not to read environment files directly so we're going to say some secret and now we can reference this over in here so we'll say secret key config and secret.key and then we can go ahead and output that over on our dashboard. Okay so we'll go ahead and define our props out here secret what do we call that underscore key and let's call that secret key with this casing
01:54
and that's going to be a string so let's change that to secret key and we'll just dump it out on the page and then we're done and we can write a really quick test to verify that we can see this which is pretty much just simulating the fact that we can use a secret key within a service somewhere. Okay let's go over then and write a test for this really quickly so let's make out a test
02:16
so dusk make let's call this secret key test and let's open that up and all we want to do here is test it shows a secret key and we want to browse and visit the dashboard either manually typing that and we want to assert we see secret key and then we want to tack on config secret and key. Okay let's run this test in isolation and obviously if we get rid of this from our
02:51
environment file when we push up to github actions it's not going to show this correctly and with that in mind we actually want to hard code this in here because otherwise it's just going to replicate the value so let's just make sure yeah that's def let's go ahead and run this test so php artisan pest and we will filter this down to that test and we should see it
03:13
and obviously we need to be logged in yeah okay let's get this sorted really quickly and then we can move on so app factory and create let's go ahead and log in as this user obviously that page isn't accessible for people who aren't logged in
03:33
and let's try one more time okay great so that is now working all right so just to drill the point across if we go over to emb.dust.local and we get rid of this some secret this test is now going to fail which means that if we don't include these now environment variables inside of our dust.ci file this is going to fail the test basically this value isn't going to be available
03:57
but we do need it available but not within this file okay so now that we've done this let's go ahead and just push this up so let's say git add commit dusk actions and we will push this to the my app origin and let's go ahead and open this up and see what happens so let's go back over to our actions over to dusk actions and this should work but then we're going to go ahead and get rid of it
04:21
from the dusk.ci file okay so our tests are running you can see that the secret key test is passing let's think about our setup here so we've got env.dust.local now with this specifically we do want to store secret keys so if we go over to git ignore and this won't get rid of it from
04:45
our already committed file but we're going to go ahead and as well as our env file we're also going ignore env.dust.local so we should have really done that earlier at the start of the project but we don't want to push up our local env much like we don't want to push up just our standard env here so the first step is to exclude that we do want to push up the env.dusk.ci file but if we just
05:10
open that up we want to get rid of some secret now if I get rid of some secret from there and then I go ahead and push this arc what's going to happen well when we go ahead and run our test again so if we just go back over to our actions when this one runs now it's not going to find that value so it's not going to see that on the dashboard and I know we're just displaying it on
05:33
the dashboard but we're just kind of simulating this actually being used within our project so I'm going to let these run through we're going to see that this fails and then we're going to look at how we can properly add a secret within github actions so let's just wait for this to run through and we'll cover that next okay so this is starting to run through our tests now let's just wait for
05:54
the secret key test and you can see that fails obviously because that is missing from our environment file which is a good thing so just while this finishes going through we're going to head over to our settings area under the repository that we're working with we're going to come down to secrets and variables under the action setting and we're going to add a new
06:16
repository secret so from here what we can do is any of the files that we were originally adding or any of the environment variables that we were originally adding to here we can now move them over specifically to github so they're not committed within our code itself so I'm going to keep this out of this file because we don't want to commit that and I'm going to add some secret with def
06:40
in here and add it in now this hasn't done much at the moment we've got the secret key in here we can't see it so it can't be viewed we can go ahead and edit it and change the value if we want to but it's now a secret value that's tucked away what we can now do is update our dusk.yaml file to specifically include those within our environment when we run our test so there's a couple of ways
07:05
that we can use these new values that we've added as secrets and probably the easiest one is to provide the env option within our dusk.yaml file in here what we can effectively do is set our environment variables but we can reference the secrets that we've defined within our github account so this means that we don't have to store in here so remember we got rid of it from here
07:28
but we can just define and add it on to our overall environment so this was sum underscore secret and where do we get this value from well we can use double curly braces with a dollar sign we can reference secrets which will contain all of the secrets that we've set over here and we just need to reference it by name when we grab it out now that we've done that when we push this up it's
07:52
going to have that def value as some secret therefore our secret config that we created earlier will return that def value in its key and then of course over in this it will send that down to the view of course we're just using that as an example but this would mean that your entire workflow would then work if you were using any external services okay let's go ahead and commit
08:15
this and push it up and let's go over to our actions and we should see this run through properly so let's give that a refresh and let's go over here and wait for our tests to run just while that's running there are other places you can use this so you can go ahead and use these say in here for your password you wouldn't necessarily do this because this is just pre-configured on the github
08:37
this isn't really a secret but any commands that you run like this or anywhere else that you need to use this in here you can just go ahead and use the same syntax to pluck out those secrets and they'll be in there waiting for you okay so our tests are now running and we should get down to the point where the secret key test is now passing because of course that is now included
08:59
over in our dusk yaml file but it's completely secret so even if our dusk.yaml file was revealed this is hidden behind our github account so use this flow to set any of the additional environments that you need for your dusk tests to actually run of course just make sure you review this just to make sure you're not including any actual secrets in here these are good candidates for things like
09:24
that and of course if you are using a secret key from a external api they're a good candidate for this as well the probably the most important part about this is the gitignore that we added for our local we need the values locally for this to run properly just make sure at the start of your project you gitignore
22 episodes2 hrs 53 mins

Overview

How do you test real flows through your Inertia applications? With end-to-end tests!

In this course, we’ll cover everything you need to know about setting up, writing and running browser-based tests. Once we’re done, we’ll configure CI (Continuous Integration) with GitHub Actions, to run your tests whenever you push new code.

Don’t use Inertia? No worries — there’s plenty to learn about end-to-end tests with Dusk in here too.

Alex Garrett-Smith
Alex Garrett-Smith
Hey, I'm the founder of Codecourse!

Episode discussion

No comments, yet. Be the first!