
Testing and Verifying Security Features

Tests should cover incorrect keys, corrupted storage, and invalid inputs.

Example pytest snippets

import pytest
from vault import derive_key, encrypt_data, decrypt_data

def test_derive_key_consistency():
    # The same passphrase and salt must always derive the same key.
    key, salt = derive_key("passphrase")
    key2, _ = derive_key("passphrase", salt=salt)
    assert key == key2

def test_encrypt_decrypt_roundtrip():
    # Data encrypted under a key must decrypt to the original bytes.
    key, salt = derive_key("mypw")
    token = encrypt_data(key, b"hello")
    assert decrypt_data(key, token) == b"hello"

Lesson: Automate security checks and include negative tests that simulate corruption and misuse.
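
The negative tests described above, as an added example that is not part of the original page. The page does not show the vault module, so the three vault functions here are stdlib stand-ins with assumed behaviour (failures raise ValueError), and rejected() is a hypothetical helper; the test functions are collected by pytest as written.

```python
import hashlib, hmac, os

# Stand-in for the page's `vault` module so the tests run offline (assumed
# behaviour, stdlib only, not production crypto): PBKDF2 key, SHAKE stream, HMAC tag.
def derive_key(passphrase, salt=None):
    if not isinstance(passphrase, str) or not passphrase:
        raise ValueError("passphrase must be a non-empty string")
    salt = salt or os.urandom(16)
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000), salt

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_data(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _mac(key, b"mac", nonce + ct)  # nonce | ciphertext | tag

def decrypt_data(key, token):
    ok = isinstance(token, bytes) and len(token) >= 48
    if not ok or not hmac.compare_digest(token[-32:], _mac(key, b"mac", token[:-32])):
        raise ValueError("malformed or tampered token")  # one error for every failure
    return _xor_stream(key, token[:16], token[16:-32])

def rejected(func, *args):
    try:
        func(*args)
        return False  # returning data counts as a failed negative test
    except ValueError:
        return True

def test_wrong_passphrase_is_rejected():
    key, salt = derive_key("mypw")
    wrong, _ = derive_key("not-mypw", salt=salt)
    assert rejected(decrypt_data, wrong, encrypt_data(key, b"hello"))

def test_every_corrupted_byte_is_detected():
    key, _ = derive_key("mypw")
    token = encrypt_data(key, b"hello")
    # Corrupted storage: one flipped bit at each offset, plus a truncated token.
    mutants = [token[:i] + bytes([token[i] ^ 1]) + token[i + 1:] for i in range(len(token))]
    assert all(rejected(decrypt_data, key, bad) for bad in mutants + [token[:-1]])

def test_invalid_inputs_fail_closed():
    assert rejected(derive_key, "")
    assert all(rejected(decrypt_data, b"k" * 32, t) for t in (b"", None, b"\x00" * 48))
```

To run these against the real module, replace the stand-in functions with the page's `from vault import ...` line and adjust the expected exception type to whatever that module raises.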