We have created a customized defect plugin to securely connect to another custom-built bug reporting web service.
The functionality of our plug-in is working just fine, but was wondering about your recommendations on storing a client (the “client” being TestRail webserver in this case (!) to connect to that external web service) certificate/key for this custom plug-in to use. There may be some security concerns about a TestRail PHP file, that is ‘browsable’ via a regular web browser and visibility into certificate information, etc.
Thoughts on best practices? Thank you.