From 5fb856988fea4466f2eb6ad43eced969d4a0399e Mon Sep 17 00:00:00 2001 From: Ji Lu Date: Wed, 18 Sep 2019 11:44:53 -0500 Subject: [PATCH 1/9] MQE-1671: document using credentials with vault in MFTF tests --- docs/configuration.md | 26 +++++++++ docs/credentials.md | 124 ++++++++++++++++++++++++++++++++++-------- 2 files changed, 128 insertions(+), 22 deletions(-) diff --git a/docs/configuration.md b/docs/configuration.md index 9d87e0735..a768c76dd 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -251,6 +251,32 @@ Example: BROWSER=firefox ``` +###CREDENTIAL_VAULT_ADDRESS + +Api address for vault server. + +Default: http://127.0.0.1:8200 + +Example: + +```conf +# Default api address for local vault dev server +CREDENTIAL_VAULT_ADDRESS=http://127.0.0.1:8200 +``` + +###CREDENTIAL_VAULT_SECRET_BASE_PATH + +Vault secret engine base path. + +Default: secret + +Example: + +```conf +# Default base path for kv secret engine in local vault dev server +CREDENTIAL_VAULT_SECRET_BASE_PATH=secret +``` + [`MAGENTO_CLI_COMMAND_PATH`]: #magento_cli_command_path diff --git a/docs/credentials.md b/docs/credentials.md index 7afa9b805..a79f64aec 100644 --- a/docs/credentials.md +++ b/docs/credentials.md @@ -1,8 +1,11 @@ # Credentials -When you test functionality that involves external services such as UPS, FedEx, PayPal, or SignifyD, use the MFTF credentials feature to hide sensitive [data][] like integration tokens and API keys. +When you test functionality that involves external services such as UPS, FedEx, PayPal, or SignifyD, +use the MFTF credentials feature to hide sensitive [data][] like integration tokens and API keys. -## Define sensitive data in `.credentials` +Currently MFTF supports two types of credential storage: **.credentials file** and **HashiCorp vault**. + +# Configure File Storage The MFTF creates a sample file for credentials during [initial setup][]: `magento2/dev/tests/acceptance/.credentials.example`. The file contains an example list of keys for fields that can require credentials. @@ -33,49 +36,119 @@ The command outputs the path if the file is excluded: .credentials ``` -### Define sensitive data +### Define sensitive data in `.credentials` file -Open the `.credentials` file, uncomment the fields you want to use, and add your values: +Open the `.credentials` file, for Magento core credentials, uncomment the fields you want to use, and add your values: -```config +```conf ... # Credentials for the USPS service -carriers_usps_userid=test_user -carriers_usps_password=Lmgxvrq89uPwECeV +magento/carriers_usps_userid=usps_test_user +magento/carriers_usps_password=Lmgxvrq89uPwECeV # Credentials for the DHL service -#carriers/dhl/id_us= -#carriers/dhl/password_us= +#magento/carriers_dhl_id_us=dhl_test_user +#magento/carriers_dhl_password_us=Mlgxv3dsagVeG .... +``` + +Or add new key & value pairs for your own credentials. The keys use the following format: + +```conf +/= ```
-The `/` symbol is not supported in a key name. +The `/` symbol is not supported in a `key_name` other than the one after your vendor or extension name.
- -You are free to use any other keys you like, as they are merely the keys to reference from your tests. + +Otherwise you are free to use any other `key_name` you like, as they are merely the keys to reference from your tests. ```conf # Credentials for the MyAwesome service -my_awesome_service_token=rRVSVnh3cbDsVG39oTMz4A +vendor/my_awesome_service_token=rRVSVnh3cbDsVG39oTMz4A +``` -# Credentials for the USPS service -carriers_usps_userid=test_user -carriers_usps_password=Lmgxvrq89uPwECeV -.... +# Configure Vault Storage + +Hashicorp vault secures, stores, and tightly controls access to data in modern computing. +It provides advanced data protection for your testing credentials. + +MFTF works with both `vault enterprise` and `vault open source` that use `KV Version 2` secret engine. + +### Install vault CLI + +Download and install vault CLI tool if you want to run or develop MFTF tests locally. [Download Vault][Download Vault] + +### Authenticate to vault via vault CLI + +Authenticate to vault server via vault CLI tool. [Login Vault][Login Vault] + +```terminal +vault login -method -path ``` +**Do not** use `-no-store` command option, as MFTF will rely on the persisted token in the token helper +(usually the local filesystem) for future api requests. + +### Store secrets in vault + +MFTF uses `KV Version 2` secret engine for secret storage. +More information for working with `KV Version 2` can be found in [Vault KV2][Vault KV2]. + +#### Secrets path and key convention + +The path and key for secret data must follow: + +```conf +/mftf// +``` + +```conf +# Secret path and key for carriers_usps_userid +secret/mftf/magento/carriers_usps_userid + +# Secret path and key for carriers_usps_password +secret/mftf/magento/carriers_usps_password +``` + +#### Write secrets to vault + +You can use vault CLI or Api to write secret data (credentials, etc) to vault. Here is a CLI example: + +```terminal +vault kv put secret/mftf/magento/carriers_usps_userid carriers_usps_userid=usps_test_user +vault kv put secret/mftf/magento/carriers_usps_password carriers_usps_password=Lmgxvrq89uPwECeV +``` + +### Setup MFTF to use vault + +Add vault configuration environment variables [`CREDENTIAL_VAULT_ADDRESS`][] and [`CREDENTIAL_VAULT_SECRET_BASE_PATH`][] +from `etc/config/.env.example` in `.env`. +Set values according to your vault server configuration. + +```conf +# Default vault dev server +CREDENTIAL_VAULT_ADDRESS=http://127.0.0.1:8200 +CREDENTIAL_VAULT_SECRET_BASE_PATH=secret +``` + +# Configure both File Storage and Vault Storage + +It's possible and sometimes useful to setup and use both `.credentials` file and vault for secret storage at the same time. +In this case, MFTF tests are able to read secret data at runtime from both storage, and local `.credentials` file will take precedence. -## Use credentials in a test +# Use credentials in a test + +Credentials can be used in actions: [`fillField`][], [`magentoCLI`][], and [`createData`][]. -Access the data defined in the `.credentials` file using the [`fillField`][] action with the `userInput` attribute. -Define the value as a reference to the corresponding key in the credentials file such as `{{_CREDS.my_data_key}}`: +Define the value as a reference to the corresponding key in the credentials file or vault such as `{{_CREDS.my_data_key}}`: - `_CREDS` is an environment constant pointing to the `.credentials` file - `my_data_key` is a key in the the `.credentials` file that contains the value to be used in a test step -For example: +For example, reference secret data in the [`fillField`][] action with the `userInput` attribute. ```xml @@ -88,13 +161,20 @@ For example: The generated tests do not contain credentials values. The MFTF dynamically retrieves, encrypts, and decrypts the sensitive data during test execution. Decrypted credentials do not appear in the console, error logs, or [test reports][]. -The decrypted values are only available in the `.credentials` file. +The decrypted values are only available in the `.credentials` file or within vault.
The MFTF tests delivered with Magento application do not use credentials and do not cover external services, because of sensitivity of the data.
[`fillField`]: test/actions.md#fillfield +[`magentoCLI`]: test/actions.md#magentocli +[`createData`]: test/actions.md#createdata [data]: data.md [initial setup]: getting-started.md [test reports]: reporting.md +[Download Vault]: https://www.hashicorp.com/products/vault/ +[Login Vault]: https://www.vaultproject.io/docs/commands/login.html +[Vault KV2]: https://www.vaultproject.io/docs/secrets/kv/kv-v2.html +[`CREDENTIAL_VAULT_ADDRESS`]: configuration.md#CREDENTIAL_VAULT_ADDRESS +[`CREDENTIAL_VAULT_SECRET_BASE_PATH`]: configuration.md#CREDENTIAL_VAULT_SECRET_BASE_PATH From ff17f040f877055dd3d25e3ef0639fa58d976208 Mon Sep 17 00:00:00 2001 From: Donald Booth Date: Wed, 18 Sep 2019 14:05:44 -0500 Subject: [PATCH 2/9] Formatting --- docs/configuration.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/configuration.md b/docs/configuration.md index a768c76dd..2552119f6 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -234,8 +234,8 @@ It points to `MAGENTO_BASE_URL` + `dev/tests/acceptance/utils/command.php` Modify the default value: -- for non-default Magento installation -- when use a subdirectory in the `MAGENTO_BASE_URL` +- for non-default Magento installation +- when use a subdirectory in the `MAGENTO_BASE_URL` Example: `dev/tests/acceptance/utils/command.php` @@ -251,9 +251,9 @@ Example: BROWSER=firefox ``` -###CREDENTIAL_VAULT_ADDRESS +### CREDENTIAL_VAULT_ADDRESS -Api address for vault server. +The Api address for a vault server. Default: http://127.0.0.1:8200 @@ -264,7 +264,7 @@ Example: CREDENTIAL_VAULT_ADDRESS=http://127.0.0.1:8200 ``` -###CREDENTIAL_VAULT_SECRET_BASE_PATH +### CREDENTIAL_VAULT_SECRET_BASE_PATH Vault secret engine base path. @@ -282,4 +282,4 @@ CREDENTIAL_VAULT_SECRET_BASE_PATH=secret [`MAGENTO_CLI_COMMAND_PATH`]: #magento_cli_command_path [generateDate]: test/actions.md#generatedate [mftf]: commands/mftf.md -[timezones]: http://php.net/manual/en/timezones.php \ No newline at end of file +[timezones]: http://php.net/manual/en/timezones.php From e73f8b8b5deeb124f9b0efe9c01e23036b34c7cb Mon Sep 17 00:00:00 2001 From: Donald Booth Date: Wed, 18 Sep 2019 14:32:21 -0500 Subject: [PATCH 3/9] First update --- docs/credentials.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/credentials.md b/docs/credentials.md index a79f64aec..e456ca3de 100644 --- a/docs/credentials.md +++ b/docs/credentials.md @@ -5,12 +5,12 @@ use the MFTF credentials feature to hide sensitive [data][] like integration tok Currently MFTF supports two types of credential storage: **.credentials file** and **HashiCorp vault**. -# Configure File Storage +#3 Configure File Storage The MFTF creates a sample file for credentials during [initial setup][]: `magento2/dev/tests/acceptance/.credentials.example`. The file contains an example list of keys for fields that can require credentials. -### Create `.credentials` +## Create `.credentials` To make the MFTF process the file with credentials, change directories to `magento2/dev/tests/acceptance/` and copy `.credentials.example` to `.credentials`. @@ -22,7 +22,7 @@ cd dev/tests/acceptance/ cp .credentials.example .credentials ``` -### Add `.credentials` to `.gitignore` +## Add `.credentials` to `.gitignore` Verify that the file is excluded from tracking by `.gitignore` (unless you need this behavior): @@ -36,7 +36,7 @@ The command outputs the path if the file is excluded: .credentials ``` -### Define sensitive data in `.credentials` file +## Define sensitive data in `.credentials` file Open the `.credentials` file, for Magento core credentials, uncomment the fields you want to use, and add your values: @@ -69,14 +69,14 @@ Otherwise you are free to use any other `key_name` you like, as they are merely vendor/my_awesome_service_token=rRVSVnh3cbDsVG39oTMz4A ``` -# Configure Vault Storage +## Configure Vault Storage Hashicorp vault secures, stores, and tightly controls access to data in modern computing. It provides advanced data protection for your testing credentials. MFTF works with both `vault enterprise` and `vault open source` that use `KV Version 2` secret engine. -### Install vault CLI +## Install vault CLI Download and install vault CLI tool if you want to run or develop MFTF tests locally. [Download Vault][Download Vault] @@ -95,7 +95,7 @@ vault login -method -path MFTF uses `KV Version 2` secret engine for secret storage. More information for working with `KV Version 2` can be found in [Vault KV2][Vault KV2]. -#### Secrets path and key convention +### Secrets path and key convention The path and key for secret data must follow: @@ -111,7 +111,7 @@ secret/mftf/magento/carriers_usps_userid secret/mftf/magento/carriers_usps_password ``` -#### Write secrets to vault +### Write secrets to vault You can use vault CLI or Api to write secret data (credentials, etc) to vault. Here is a CLI example: @@ -132,14 +132,14 @@ CREDENTIAL_VAULT_ADDRESS=http://127.0.0.1:8200 CREDENTIAL_VAULT_SECRET_BASE_PATH=secret ``` -# Configure both File Storage and Vault Storage +## Configure both File Storage and Vault Storage -It's possible and sometimes useful to setup and use both `.credentials` file and vault for secret storage at the same time. +It is possible and sometimes useful to setup and use both `.credentials` file and vault for secret storage at the same time. In this case, MFTF tests are able to read secret data at runtime from both storage, and local `.credentials` file will take precedence. -# Use credentials in a test +## Use credentials in a test Credentials can be used in actions: [`fillField`][], [`magentoCLI`][], and [`createData`][]. From f980fe69a27bc8269764fc225570b6e26a6ca6d8 Mon Sep 17 00:00:00 2001 From: Donald Booth Date: Wed, 18 Sep 2019 15:24:12 -0500 Subject: [PATCH 4/9] Formatting --- docs/credentials.md | 42 +++++++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 19 deletions(-) diff --git a/docs/credentials.md b/docs/credentials.md index e456ca3de..e40620d84 100644 --- a/docs/credentials.md +++ b/docs/credentials.md @@ -3,16 +3,19 @@ When you test functionality that involves external services such as UPS, FedEx, PayPal, or SignifyD, use the MFTF credentials feature to hide sensitive [data][] like integration tokens and API keys. -Currently MFTF supports two types of credential storage: **.credentials file** and **HashiCorp vault**. +Currently the MFTF supports two types of credential storage: -#3 Configure File Storage +- **.credentials file** +- **HashiCorp vault**. + +## Configure File Storage The MFTF creates a sample file for credentials during [initial setup][]: `magento2/dev/tests/acceptance/.credentials.example`. The file contains an example list of keys for fields that can require credentials. -## Create `.credentials` +### Create `.credentials` -To make the MFTF process the file with credentials, change directories to `magento2/dev/tests/acceptance/` and copy `.credentials.example` to `.credentials`. +To make the MFTF process the file with credentials, in the command line, nvaigate to `magento2/dev/tests/acceptance/` and rename `.credentials.example` to `.credentials`. ```bash cd dev/tests/acceptance/ @@ -22,7 +25,7 @@ cd dev/tests/acceptance/ cp .credentials.example .credentials ``` -## Add `.credentials` to `.gitignore` +### Add `.credentials` to `.gitignore` Verify that the file is excluded from tracking by `.gitignore` (unless you need this behavior): @@ -36,9 +39,9 @@ The command outputs the path if the file is excluded: .credentials ``` -## Define sensitive data in `.credentials` file +### Define sensitive data in the `.credentials` file -Open the `.credentials` file, for Magento core credentials, uncomment the fields you want to use, and add your values: +Open the `.credentials` file and, for Magento core credentials, uncomment the fields you want to use and add your values: ```conf ... @@ -74,30 +77,30 @@ vendor/my_awesome_service_token=rRVSVnh3cbDsVG39oTMz4A Hashicorp vault secures, stores, and tightly controls access to data in modern computing. It provides advanced data protection for your testing credentials. -MFTF works with both `vault enterprise` and `vault open source` that use `KV Version 2` secret engine. +The MFTF works with both `vault enterprise` and `vault open source` that use `KV Version 2` secret engine. -## Install vault CLI +### Install vault CLI Download and install vault CLI tool if you want to run or develop MFTF tests locally. [Download Vault][Download Vault] ### Authenticate to vault via vault CLI -Authenticate to vault server via vault CLI tool. [Login Vault][Login Vault] +Authenticate to vault server via the vault CLI tool: [Login Vault][Login Vault]. -```terminal +```bash vault login -method -path ``` -**Do not** use `-no-store` command option, as MFTF will rely on the persisted token in the token helper -(usually the local filesystem) for future api requests. + +**Do not** use `-no-store` command option, as the MFTF will rely on the persisted token in the token helper (usually the local filesystem) for future API requests. ### Store secrets in vault -MFTF uses `KV Version 2` secret engine for secret storage. +The MFTF uses the `KV Version 2` secret engine for secret storage. More information for working with `KV Version 2` can be found in [Vault KV2][Vault KV2]. ### Secrets path and key convention -The path and key for secret data must follow: +The path and key for secret data must follow the format: ```conf /mftf// @@ -113,9 +116,9 @@ secret/mftf/magento/carriers_usps_password ### Write secrets to vault -You can use vault CLI or Api to write secret data (credentials, etc) to vault. Here is a CLI example: +You can use vault CLI or API to write secret data (credentials, etc) to vault. Here is a CLI example: -```terminal +```bash vault kv put secret/mftf/magento/carriers_usps_userid carriers_usps_userid=usps_test_user vault kv put secret/mftf/magento/carriers_usps_password carriers_usps_password=Lmgxvrq89uPwECeV ``` @@ -135,7 +138,7 @@ CREDENTIAL_VAULT_SECRET_BASE_PATH=secret ## Configure both File Storage and Vault Storage It is possible and sometimes useful to setup and use both `.credentials` file and vault for secret storage at the same time. -In this case, MFTF tests are able to read secret data at runtime from both storage, and local `.credentials` file will take precedence. +In this case, the MFTF tests are able to read secret data at runtime from both storage options, but the local `.credentials` file will take precedence. @@ -164,7 +167,8 @@ Decrypted credentials do not appear in the console, error logs, or [test reports The decrypted values are only available in the `.credentials` file or within vault.
-The MFTF tests delivered with Magento application do not use credentials and do not cover external services, because of sensitivity of the data.
+The MFTF tests delivered with Magento application do not use credentials and do not cover external services, because of sensitivity of the data. + [`fillField`]: test/actions.md#fillfield From 2e228d002e3ab635101e5cefada04cb8af36b5e1 Mon Sep 17 00:00:00 2001 From: Donald Booth Date: Wed, 18 Sep 2019 15:27:21 -0500 Subject: [PATCH 5/9] Formatting --- docs/configuration.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/configuration.md b/docs/configuration.md index 2552119f6..d4b86055a 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -1,7 +1,7 @@ # Configuration The `*.env` file provides additional configuration for the Magento Functional Testing Framework (MFTF). -To run the MFTF on your Magento testing instance, specify the basic configuration values. +To run the MFTF on your Magento instance, specify the basic configuration values. Advanced users can create custom configurations based on requirements and environment. ## Basic configuration @@ -204,7 +204,7 @@ Example: FW_BP=~/magento/magento2-functional-testing-framework ``` -#### TESTS_MODULE_PATH +## TESTS_MODULE_PATH The path to where the MFTF modules mirror Magento modules. @@ -239,7 +239,7 @@ Modify the default value: Example: `dev/tests/acceptance/utils/command.php` -### BROWSER +## BROWSER Override the default browser performing the tests. @@ -251,7 +251,7 @@ Example: BROWSER=firefox ``` -### CREDENTIAL_VAULT_ADDRESS +## CREDENTIAL_VAULT_ADDRESS The Api address for a vault server. @@ -264,7 +264,7 @@ Example: CREDENTIAL_VAULT_ADDRESS=http://127.0.0.1:8200 ``` -### CREDENTIAL_VAULT_SECRET_BASE_PATH +## CREDENTIAL_VAULT_SECRET_BASE_PATH Vault secret engine base path. From 627b0ee5ca55b13d65e6ea634ba049604b0960d6 Mon Sep 17 00:00:00 2001 From: Ji Lu Date: Wed, 18 Sep 2019 15:43:53 -0500 Subject: [PATCH 6/9] MQE-1671: document using credentials with vault in MFTF tests --- docs/configuration.md | 8 ++++---- docs/credentials.md | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/configuration.md b/docs/configuration.md index d4b86055a..c741e2f60 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -204,7 +204,7 @@ Example: FW_BP=~/magento/magento2-functional-testing-framework ``` -## TESTS_MODULE_PATH +### TESTS_MODULE_PATH The path to where the MFTF modules mirror Magento modules. @@ -239,7 +239,7 @@ Modify the default value: Example: `dev/tests/acceptance/utils/command.php` -## BROWSER +### BROWSER Override the default browser performing the tests. @@ -251,7 +251,7 @@ Example: BROWSER=firefox ``` -## CREDENTIAL_VAULT_ADDRESS +### CREDENTIAL_VAULT_ADDRESS The Api address for a vault server. @@ -264,7 +264,7 @@ Example: CREDENTIAL_VAULT_ADDRESS=http://127.0.0.1:8200 ``` -## CREDENTIAL_VAULT_SECRET_BASE_PATH +### CREDENTIAL_VAULT_SECRET_BASE_PATH Vault secret engine base path. diff --git a/docs/credentials.md b/docs/credentials.md index e40620d84..01254a818 100644 --- a/docs/credentials.md +++ b/docs/credentials.md @@ -98,7 +98,7 @@ vault login -method -path The MFTF uses the `KV Version 2` secret engine for secret storage. More information for working with `KV Version 2` can be found in [Vault KV2][Vault KV2]. -### Secrets path and key convention +#### Secrets path and key convention The path and key for secret data must follow the format: @@ -114,7 +114,7 @@ secret/mftf/magento/carriers_usps_userid secret/mftf/magento/carriers_usps_password ``` -### Write secrets to vault +#### Write secrets to vault You can use vault CLI or API to write secret data (credentials, etc) to vault. Here is a CLI example: From b5aa05a668e2d38169321956f8574f07486cf77a Mon Sep 17 00:00:00 2001 From: Ji Lu Date: Wed, 18 Sep 2019 15:46:42 -0500 Subject: [PATCH 7/9] MQE-1671: document using credentials with vault in MFTF tests --- docs/credentials.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/credentials.md b/docs/credentials.md index 01254a818..c12303ceb 100644 --- a/docs/credentials.md +++ b/docs/credentials.md @@ -6,7 +6,7 @@ use the MFTF credentials feature to hide sensitive [data][] like integration tok Currently the MFTF supports two types of credential storage: - **.credentials file** -- **HashiCorp vault**. +- **HashiCorp vault** ## Configure File Storage From 3c3f2ce6b7e1e2bb8b46f2418e0c8136a4b74b31 Mon Sep 17 00:00:00 2001 From: Ji Lu Date: Wed, 18 Sep 2019 15:47:57 -0500 Subject: [PATCH 8/9] MQE-1671: document using credentials with vault in MFTF tests --- docs/credentials.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/credentials.md b/docs/credentials.md index c12303ceb..3a9692796 100644 --- a/docs/credentials.md +++ b/docs/credentials.md @@ -15,7 +15,7 @@ The file contains an example list of keys for fields that can require credential ### Create `.credentials` -To make the MFTF process the file with credentials, in the command line, nvaigate to `magento2/dev/tests/acceptance/` and rename `.credentials.example` to `.credentials`. +To make the MFTF process the file with credentials, in the command line, navigate to `magento2/dev/tests/acceptance/` and rename `.credentials.example` to `.credentials`. ```bash cd dev/tests/acceptance/ From 902bad6d1a40cebe7f717f49235f43217ad038e8 Mon Sep 17 00:00:00 2001 From: Ji Lu Date: Wed, 18 Sep 2019 15:52:20 -0500 Subject: [PATCH 9/9] MQE-1671: document using credentials with vault in MFTF tests --- docs/credentials.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/credentials.md b/docs/credentials.md index 3a9692796..4b1e2cc2d 100644 --- a/docs/credentials.md +++ b/docs/credentials.md @@ -149,7 +149,7 @@ Credentials can be used in actions: [`fillField`][], [`magentoCLI`][], and [`cre Define the value as a reference to the corresponding key in the credentials file or vault such as `{{_CREDS.my_data_key}}`: - `_CREDS` is an environment constant pointing to the `.credentials` file -- `my_data_key` is a key in the the `.credentials` file that contains the value to be used in a test step +- `my_data_key` is a key in the the `.credentials` file or vault that contains the value to be used in a test step For example, reference secret data in the [`fillField`][] action with the `userInput` attribute.