Join 34,000+ subscribers and receive articles from our blog about software quality, testing, QA and security.

Custom Plug-In Cert/Key: Best Practices?



We have created a customized defect plugin to securely connect to another custom-built bug reporting web service.

The functionality of our plug-in is working just fine, but was wondering about your recommendations on storing a client (the “client” being TestRail webserver in this case (!) to connect to that external web service) certificate/key for this custom plug-in to use. There may be some security concerns about a TestRail PHP file, that is ‘browsable’ via a regular web browser and visibility into certificate information, etc.

Thoughts on best practices? Thank you.