“No Passwords, No Pain”: How a User Pool Brings Order to Test Accounts

Automated and manual testing teams regularly encounter issues with test accounts: passwords are shared between testers and CI, accounts are used in parallel, become locked during test runs, the root causes of test failures are difficult to trace.

This talk explores the experience of creating and implementing a User Pool — an infrastructure service for the secure storage, authorisation, and monitoring of test accounts.

I'll cover:
• why storing passwords in config files, Excel and secret vaults does not solve the problem of concurrent access;
• why off-the-shelf IAM solutions such as Keycloak or Cognito are poorly suited to testing needs;
• how to implement authorisation in tests without exposing passwords to testers and autotests;
• how a locking mechanism can prevent simultaneous use of the same account;
• how to organise auditing and monitoring of test account usage;
• how the User Pool operates in real-world scenarios involving complex authentication flows.