HCL OneTest API and HCL OneTest Server

You can publish test reports for tests run on HCL OneTest API to HCL OneTest Server. You can create secrets collections for your project and store them securely on HCL OneTest Server that you can retrieve the secrets from HCL OneTest Server during tests at runtime.

The secrets collections in HCL OneTest Server project have a separate access control list managed by the project owner. Earlier to 9.5.0, the secrets were stored in tags as an environment property in HCL OneTest API and they were visible to anybody who could see the project.

HCL OneTest Server

HCL OneTest Server is a new combined server that includes capabilities such as Docker-based distribution, installation, and execution of test cases.

You must set up access to HCL OneTest Server so that you can perform the following operations:
  • Publishing test suite reports to a project on HCL OneTest Server. For more information, see Publishing test results to HCL OneTest Server.
  • Retrieving the stored secrets from a project configured in HCL OneTest Server for using the secrets in tests at runtime.

With the introduction of secrets (under secrets collections) for a project in HCL OneTest Server, managing access to separate environments is simplified. If a member of a project does not have access to a secret (for example, a server credential), then the member cannot accidentally or maliciously run tests against that server. For example, tests that require accessing the database server by using the server credentials to retrieve stored data can be executed by a member if the access to the secrets is enabled.

If the secrets are not stored on HCL OneTest Server, you must then store secrets as plain text as an environment property in HCL OneTest API. This means that a user can accidentally run a test against the wrong environment.

You can perform the following tasks for your project that you want to test after you have set up HCL OneTest Server:
  • As a project owner, you can configure a project in HCL OneTest Server for creating secrets collections. Secrets are key-value pairs that are created for your project in HCL OneTest Server under a secrets collection.
  • You can decide to grant or restrict access to members in your organization to the secrets collections. Controlling access to secrets means controlling access to applications and systems under test. Members with access can access the secrets collection in HCL OneTest Server and use the secrets in test runs in HCL OneTest API.
  • Members of HCL OneTest Server project must generate offline user tokens from the HCL OneTest Server and use the offline user token for gaining access to HCL OneTest Server. See Generating an offline user token.
  • Members can access HCL OneTest Server from HCL OneTest API. See Accessing HCL OneTest Server.
  • Members across the organization can retrieve the stored secrets from HCL OneTest Server for using the secrets in test runs in HCL OneTest API without the necessity to store the secrets as visible environment tags in their project in HCL OneTest API. See Retrieving secrets from HCL OneTest Server.