Skip to main content

Environment.yml file

Most API endpoints require some form of user/client authentication. In addition, API endpoints may also enforce granular authorization controls on users/clients using role based access control (RBAC) mechanisms.

Effective security testing requires providing valid users and their respective authentication credentials to Levo's autogenerated Test Plans.

This information can be provided in a secure, and structured manner via an environment.yml file.

How do I use environment.yml file?

The environment.yml file is autogenerated per Test Plan, and needs to be completed with appropriate user/authentication information, prior to the execution of the Test Plan.

The completed file is provided as an argument to the CLI. The CLI uses the credentials to access the target APIs and evaluate their security posture.

Are my secrets sent to Levo SaaS?

The environment.yml file contains secrets and is never sent to, or stored in Levo SaaS. This file is solely consumed by the CLI, and Levo SaaS does not have access to your secrets.

Please treat this file securely, and take all precautions necessary for handling secrets.

Tell me more

You can find more information on providing authentication/authorization information for tests here