Vault Test Cases – Integrating HashiCorp Vault with TestGrid Real Devices

Overview

This document explains how to securely manage test credentials using HashiCorp Vault and integrate them with TestGrid real device execution using an Appium custom script.
Sensitive data such as usernames and passwords are fetched dynamically from Vault at runtime instead of being hardcoded in test scripts.

Step 1: Create a HashiCorp Account and Vault

  1. Sign up at HashiCorp Cloud.
  2. Create a new Vault instance.
  3. Enable a KV (Key-Value) Secrets Engine.
  4. Add secrets (for example):
    • username
    • password
  5. Note down the following Vault details:
    • Vault URL
    • Vault Token
    • Namespace (if applicable)
    • Secret path

These values will be required in the automation script.

Step 2: Configure Vault Access in Code

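Add the required Vault client imports (the com.bettercloud.vault package), along with the collection classes used when extracting the secret:

import com.bettercloud.vault.*;
import com.bettercloud.vault.response.LogicalResponse;
import java.util.HashMap;
import java.util.Map;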

Vault Configuration

  • The Vault token is read from an environment variable (VAULT_TOKEN) for security.
  • If the environment variable is not found, a fallback hardcoded token is used.

// Prefer the token supplied through the environment.
String vaultToken = System.getenv("VAULT_TOKEN");
if (vaultToken == null) {
    // Fallback literal: keep this a placeholder and never commit a real token here.
    vaultToken = "Your Vault token";
}

Configure the Vault connection:

VaultConfig config = new VaultConfig()
    .address("https://sample-public-vault.hashicorp.cloud:8200")
    .token(vaultToken)
    .nameSpace("admin/")
    .engineVersion(2)
    .build();

Vault vault = new Vault(config);

Step 3: Fetch Secrets from HashiCorp Vault

Read secrets from the Vault path:

LogicalResponse response = vault.logical().read("secrettesting/secretdata");

Extract credentials dynamically:

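Map<String, String> credentials = new HashMap<>();
Map<String, String> outer = response.getData();
Object data = outer.get("data");

if (data instanceof Map) {
    // Nested "data" object: copy its entries.
    ((Map<?, ?>) data).forEach((k, v) ->
        credentials.put(k.toString(), v.toString()));
} else {
    // No nested map: treat the top-level entries as the secret's fields.
    credentials.putAll(outer);
}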

Retrieve username and password:

String username = credentials.get("username");
String password = credentials.get("password");
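
A stricter variant of the token and credential handling in Steps 2 and 3, shown as an added example that is not part of the original TestGrid document. It stops the run when VAULT_TOKEN or a secret field is missing, and it logs field names with masked values only. The class and method names are hypothetical and the sample values are constructed.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeSet;

// Added example; class and method names are hypothetical, not TestGrid or Vault APIs.
public final class VaultSecretGuard {
    // Fail closed: a missing or blank VAULT_TOKEN stops the run, with no literal fallback.
    static String requireToken(Map<String, String> env) {
        String token = env.get("VAULT_TOKEN");
        if (token == null || token.trim().isEmpty()) {
            throw new IllegalStateException("VAULT_TOKEN is not set");
        }
        return token;
    }

    // Returns the field or throws; the message names the key, never a value.
    static String requireSecret(Map<String, String> credentials, String key) {
        String value = credentials.get(key);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Vault secret has no field '" + key + "'");
        }
        return value;
    }

    // Log-safe rendering of a credentials map: sorted keys, values masked.
    static String describe(Map<String, String> credentials) {
        StringBuilder sb = new StringBuilder("{");
        for (String key : new TreeSet<>(credentials.keySet())) {
            if (sb.length() > 1) sb.append(", ");
            sb.append(key).append("=****");
        }
        return sb.append("}").toString();
    }

    public static void main(String[] args) {
        // Constructed samples standing in for System.getenv() and the Step 3 map; "password" is absent.
        Map<String, String> env = Collections.singletonMap("VAULT_TOKEN", "sample-token");
        Map<String, String> credentials = new HashMap<>();
        credentials.put("username", "qa-user@example.test");
        requireToken(env);
        System.out.println("fetched fields: " + describe(credentials));
        try {
            requireSecret(credentials, "password");
        } catch (IllegalStateException e) {
            System.out.println("stopping before the driver session starts: " + e.getMessage());
        }
    }
}
```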

Step 4: Configure TestGrid Device Capabilities

Set up desired capabilities required to connect to TestGrid real devices:

DesiredCapabilities caps = new DesiredCapabilities();
caps.setCapability("deviceName", "deviceName");
caps.setCapability("platformVersion", "platformVersion");
caps.setCapability("platformName", "platformName");
caps.setCapability("automationName", "automationName");
caps.setCapability("udid", "DeviceUDID");
caps.setCapability("tg:userToken", "TGUserToken");
caps.setCapability("systemPort", "systemPort");
caps.setCapability("uiautomator2ServerLaunchTimeout", "90000");
caps.setCapability("appPackage", "com.android.example");
caps.setCapability("appActivity", "com.google.android.apps.example.main");

AndroidDriver<MobileElement> driver =
    new AndroidDriver<>(new URL("appiumURL"), caps);

For reference: https://testgrid.io/docs/document/accelerate-mobile-app-testing-with-testgrid-local-appium-execution/

Step 5: Execute Test Steps Using Vault Credentials

Use the credentials fetched from Vault during test execution:

driver.findElement(By.xpath("//android.widget.EditText[@resource-id='m_login_email']"))
      .sendKeys(username);

driver.findElement(By.xpath("//android.widget.EditText[@resource-id='m_login_password']"))
      .sendKeys(password);

driver.findElement(By.xpath("//android.widget.Button[@text='Log in']")).click();

This ensures no sensitive data is hardcoded in the test script.

Step 6: Cleanup and Session Termination

Always close the driver session after execution:

if (driver != null) {
    driver.quit();
}

Benefits of Using HashiCorp Vault with TestGrid

  • Secure handling of sensitive test data
  • No hardcoded credentials in automation scripts
  • Centralized secrets management
  • Enterprise-ready security and compliance
  • Seamless integration with TestGrid real devices

Best Practices

  • Store Vault tokens as environment variables
  • Restrict Vault access using policies
  • Rotate secrets periodically
  • Avoid logging sensitive data
  • Use separate Vault paths for different environments

This approach enables secure, scalable, and enterprise-compliant automation by combining HashiCorp Vault with TestGrid real device execution.
