Security SSL Client Certificate Secure Security¶ Dynamic Values Security How dynamic values work Obfuscate and encrypt your passwords Share your encryption key with your team For general information about dynamic values and instructions on how to insert them in Paw see the introduction to dynamic values. Dynamic Values for handling sensitive data in Paw. SSL Client CertificateSSL Client Certificate¶ The Certificate Dynamic Value lets you specify a SSL Client Certificate to authenticate with a HTTPS server. For most cases, certificates are setup using the Client Certificate textfield available at the Request Options. Read more about SSL Client Certificates. com.luckymarmot.CertificateDynamicValue Argument: mode: number: ``0`` (PEM)Certificate and Private Key mode (0: Load from PEM string, 1: Load from Certificate Keychain). Currently, when using this from (extension) code, only mode 1 (Load from Keychain) is supported. 0 (PEM) Argument: keychainCertificateName: string: NoneThe Certificate name on Apple Keychain. /** * An example function that creates a new request setting a certificate * from the Keychain. * Only available for Importers extensions (a mutable context). * Only available to set Keychain certificate (not PEM). */ function myCreateRequest(context){ var dv = new DynamicValue('com.luckymarmot.CertificateDynamicValue', { mode: 1 /* Load from Keychain (only supported) */, keychainCertificateName: 'TESTING USER A' }); var request = context.getCurrentRequest(); request.clientCertificate = DynamicString(dv); return request; }; SecureSecure¶ The Secure Dynamic Value lets you safely store sensitive data (passwords, secret keys, etc). Sensitive data can be fetched from Keychain or stored encrypted inline. Sensitive Fields¶ The Secure Dynamic Value functionality is built-in on known fields where security is desirable. The following fields are supported out-of-the-box: Password fields (Basic Auth) Consumer Secrets (OAuth1) Token Secrets (OAuth1) Consumer Private Key (OAuth1 RSA keys) Client Secret (OAuth2) Password (OAuth2) Token (OAuth2) Refresh Token (OAuth2) Secret Access Key ID (S3) Other Text Fields¶ A Secure Dynamic Value can be added to any text field to secure sensitive data. Managing Encryption Keys¶ Encryption keys can be managed using the dialog available from the File > Encryption menu. Change Document Encryption Key¶ Select one of the available keys on the popup under “Document Encryption Key”. Encrypted values in this document will be reencrypted with this new key, no data will be lost. Add/Edit/Default Encryption Keys¶ Use the table under “Available Encryption Keys”: +: create a new encryption key -:remove selected encryption key radio button click: mark encryption key as default key name double-click: rename encryption key Sharing¶ A document encryption key can be shared with team members by exporting it to a .keychain file. Likewise, document encryption key can be also imported. .keychain files are password-protected. com.luckymarmot.SecureDynamicValue Argument: mode: number: ``0`` (Encrypted)Secure mode (0: Store encrypted in file, 1: Load from Internet Keychain, 2: Load from Application Keychain). Currently, when using this from (extension) code, only modes 1 and 2 (Load from Keychain) are supported. 0 (Encrypted) Argument: account: DynamicString: NoneThe Account field from the Keychain item. Argument: url: DynamicString: NoneThe URL field from the Internet Keychain item. Field is required when in Internet Keychain mode. Argument: service: DynamicString: NoneThe Service field from the Application Keychain item. Field is required when in Application Keychain mode. /** * Only available to get Keychain (Internet or Application) passwords, * (mode 1 and 2), not with encrypted storage (mode 0). */ function evaluate(context){ var dv = new DynamicValue('com.luckymarmot.SecureDynamicValue', { mode: 1 /* Internet Keychain */, url: 'https://github.com', account: 'nfgrilo' }); return dv.getEvaluatedString(); };
