Environment.yml file
Most API endpoints require some form of user/client authentication. In addition, API endpoints may also enforce granular authorization controls on users/clients using role based access control (RBAC) mechanisms.
Effective security testing requires providing valid users and their respective authentication credentials to Levo's autogenerated Test Plans.
This information can be provided in a secure, and structured manner via an environment.yml
file.
How do I use environment.yml
file?
The environment.yml
file is autogenerated per Test Plan
, and needs to be completed with appropriate user/authentication information, prior to the execution of the Test Plan.
The completed file is provided as an argument to the CLI. The CLI uses the credentials to access the target APIs and evaluate their security posture.
Are my secrets
sent to Levo SaaS?
The environment.yml
file contains secrets
and is never sent to, or stored in Levo SaaS. This file is solely consumed by the CLI, and Levo SaaS does not have access to your secrets.
Please treat this file securely, and take all precautions necessary for handling secrets.
Tell me more
You can find more information on providing authentication/authorization information for tests here