Security Best Practices

Sensitive Data Inside Moropo

Once you start creating tests in Moropo, you will likely want to use secret information such as passwords and passcodes in your tests.

For example, your login test will likely have a step like this:

- tapOn:
    id: "email-input"
- inputText: "[email protected]"
- tapOn:
    id: "password-input"
- inputText: "password123"

Moropo encrypts all of your test data in the database at rest and during transit. However, tests are available as plain text for all authorised users in your organisation. Additionally, all test runs are screen recorded.

Best Practices

To help protect sensitive data, we recommend you follow these best practices when working with Moropo.

Use Test Accounts

If your app relies on user accounts, create dedicated test accounts instead of using real accounts during test runs. You may even wish to create and delete accounts during a single test run. Moropo's email helper can assist with this.

Only Enter Recordable Data

Every test run in Moropo is screen recorded. So only enter data into your test scripts that are allowed to be recorded as part of your organisational policies.

Keep Team Data Up-To-Date

All users in your organisation can view, edit and delete test and results data. Admins have permission to invite and remove users. It's important that you use Moropo's team management functionality to remove old users and keep the list of admins up-to-date.