使用 VCR 过滤敏感数据 [英] Filtering sensitive data with VCR

问题描述

我正在使用 VCR gem 记录 http 交互并在将来重播它们.我想在 uri 请求中过滤掉我的实际密码值.以下是 uri 的示例:

I'm using VCR gem to record http interactions and replay them in future. I want to filter-out my actual password value in the uri request. Here's sample of what the uri looks like:

http://services.somesite.com/Services.asmx/Cabins
Username=long&Password=john&StartDate=03%2F22%2F2012&EndDate=03%2F29%2F2012

虽然这里提供了解释，但我自己尝试了几次后仍然不确定如何去做:

Though an explanation is provided here, I'm still not sure how to do it after a few attempts myself:

https://www.relishapp.com/myronmarston/vcr/v/2-0-0/docs/configuration/filter-sensitive-data

任何帮助将不胜感激.

推荐答案

VCR.configure do |c|
  c.filter_sensitive_data("<SOMESITE_PASSWORD>") do
    ENV['SOMESITE_PASSWORD']
    # or $credentials['somesite']['password'] or whatever
  end
end

本质上，你给 VCR 一些占位符文本，然后块需要返回真实密码，从任何规范密码存储库"中读取它.

Essentially, you give VCR a bit of placeholder text, and then the block needs to return the real password, reading it from whatever the canonical password "repository" is.

注意，真正的密码只在第一次，当请求被记录时才需要；在随后的运行中，它可以是一个假密码(只要它与发出请求的代码使用的假密码相同).

Note that the real password is only needed the first time, when the request is recorded; on subsequent runs, it can be a fake password (as long as it's the same fake password used by the code making the request).

这篇关于使用 VCR 过滤敏感数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！