{"id":10528,"date":"2023-05-03T09:19:48","date_gmt":"2023-05-03T13:19:48","guid":{"rendered":"https:\/\/www.redline13.com\/blog\/?p=10528"},"modified":"2023-06-22T14:15:08","modified_gmt":"2023-06-22T18:15:08","slug":"protecting-sensitive-data-in-jmeter-load-tests","status":"publish","type":"post","link":"https:\/\/www.redline13.com\/blog\/2023\/05\/protecting-sensitive-data-in-jmeter-load-tests\/","title":{"rendered":"Protecting Sensitive Data in JMeter Load Tests"},"content":{"rendered":"

One of the primary functions of a load test is to vet target test applications to see how well they can hold up to production conditions. In that endeavor it is sometimes necessary to provide login credentials and other protected information to be used in conjunction with these tests. This can present a challenge in protecting sensitive data when load testing in the cloud. In this post, we will cover how to test with JMeter<\/a> in the cloud using sensitive data.<\/p>\n

\"How<\/p>\n

<\/a>What Constitutes Sensitive Data?<\/h3>\n

Any form of login credentials, access keys, or tokens meets the definition of sensitive data. Furthermore, source data such as CSV<\/a> or other data files included in your test can also be considered sensitive data depending on the content. Your test results (depending on what information is captured) can also fall under this category. Thankfully RedLine13 has provisions to keep all of this information private and protected.<\/p>\n

<\/a>How to Secure Sensitive Data on RedLine13<\/h3>\n

We offer several ways to protect sensitive data within your JMeter load tests, but the common principle to these is separation of your data in a secure storage technology. In a previous post<\/a>, we reviewed how to set up Remote Sources<\/em> in your RedLine13 account. Once this is set up, you can reference Extra Files<\/em> attachments that exist in AWS S3<\/a> or remote Git<\/a> repositories. Here is an example of how that might be configured for a CSV file attachment:<\/p>\n

\"Setting<\/p>\n

Another way this might be utilized is as a credential store. For instance, you may need access tokens to a third party service (such as Azure Cloud Storage<\/em><\/a>). Using remote sources, you can securely store access credentials or tokens to these third party resources. This would also be considered a best practice security approach, as access can be modified or revoked independent of your JMeter test plan file.<\/p>\n

<\/a>Following Security Best Practices<\/h3>\n

Any sensitive data is only as secure as the weakest link in its chain of protections. While not a comprehensive list, it is advisable that you follow at least the following best security practices for any sensitive data included in your tests:<\/p>\n