Enterprise Deployment
This guide covers enterprise-scale deployment patterns, security considerations, monitoring, and governance for Dochia in production environments.
Overview
Enterprise deployment of Dochia involves:
- Centralized configuration management
- Security and compliance requirements
- Monitoring and observability
- Scaling strategies for large API portfolios
- Integration with enterprise toolchains
Architecture Patterns
Environment-Specific Configuration
Dochia uses individual properties files for each environment. Create separate configuration files:
# config/dochia-dev.properties
connection-timeout=5
read-timeout=10
write-timeout=10
max-requests-per-minute=300
output=./dev-reports
hide-success=true
# config/dochia-staging.properties
connection-timeout=15
read-timeout=30
write-timeout=30
max-requests-per-minute=120
output=./staging-reports
blackbox=false
# config/dochia-prod.properties
connection-timeout=30
read-timeout=60
write-timeout=60
max-requests-per-minute=30
output=./prod-reports
blackbox=true
filter-codes=2xx,4xx
Distributed Testing Strategy
# Multi-environment testing orchestration
#!/bin/bash
ENVIRONMENTS=("dev" "staging" "prod")
SERVICES=("user-service" "order-service" "payment-service")
for env in "${ENVIRONMENTS[@]}"; do
for service in "${SERVICES[@]}"; do
dochia test \
--contract "specs/${service}-api.yml" \
--server "${env}-${service}.company.com" \
--config "configs/dochia-${env}.properties" \
--output "./reports/${env}/${service}" \
--timestamp-reports &
# Note: --json flag requires Premium version
# Free version generates individual JSON + HTML reports
done
wait # Wait for all services in environment to complete
done
Security & Compliance
Enterprise Authentication
Service Account Management
# Service account with rotating credentials
dochia test --contract api.yml --server https://api.company.com \
--user "service-account@company.com:${SERVICE_ACCOUNT_PASSWORD}" \
--auth-refresh-interval 3600 \
--auth-refresh-script ./scripts/refresh-service-token.sh
Client Certificate Authentication (mTLS)
# Corporate PKI integration
dochia test --contract api.yml --server https://secure-api.company.com \
--ssl-keystore /etc/dochia/certs/client.p12 \
--ssl-keystore-password "${KEYSTORE_PASSWORD}" \
--ssl-key-password "${KEY_PASSWORD}"
Corporate Proxy Configuration
# Enterprise proxy with authentication
dochia test --contract api.yml --server https://internal-api.company.com \
--proxy "http://proxy-user:${PROXY_PASS}@proxy.company.com:8080" \
--proxy-host proxy.company.com \
--proxy-port 8080
Secrets Management Integration
HashiCorp Vault Integration
#!/bin/bash
# vault-auth-script.sh
# Authenticate with Vault using service principal
vault auth -method=aws
# Retrieve API token
API_TOKEN=$(vault kv get -field=token secret/api-credentials/production)
echo "Bearer ${API_TOKEN}"
Azure Key Vault Integration
#!/bin/bash
# azure-auth-script.sh
# Authenticate using managed identity
az login --identity
# Retrieve secret
SECRET=$(az keyvault secret show --vault-name "company-vault" --name "api-token" --query value -o tsv)
echo "Bearer ${SECRET}"
AWS Secrets Manager Integration
#!/bin/bash
# aws-auth-script.sh
# Retrieve secret using IAM role
SECRET=$(aws secretsmanager get-secret-value \
--secret-id "prod/api/token" \
--query SecretString --output text)
echo "Bearer ${SECRET}"
Monitoring & Observability
Metrics Collection
Prometheus Integration
# Export metrics to Prometheus format (Premium version with --json)
# For free version, parse individual JSON reports
dochia test --contract api.yml --server https://api.company.com \
--execution-stats \
--detailed-execution-stats \
--output ./reports
# Premium version with consolidated JSON:
# dochia test ... --json | jq -r '.statistics | ...'
# Free version - parse individual reports:
find ./reports -name "*.json" | xargs jq -s '
map(.statistics) |
add |
"dochia_tests_total \(.total_tests // 0)",
"dochia_errors_total \(.total_errors // 0)",
"dochia_duration_seconds \((.execution_time_ms // 0) / 1000)"
' > /var/lib/prometheus/dochia-metrics.prom
Grafana Dashboard Queries
# Error rate over time
rate(dochia_errors_total[5m]) / rate(dochia_tests_total[5m])
# Test execution duration
histogram_quantile(0.95, dochia_duration_seconds)
# API response time trends
avg_over_time(dochia_response_time_ms[1h])
Alerting Strategies
Critical Error Thresholds
# alertmanager-rules.yml
groups:
- name: dochia-api-testing
rules:
- alert: HighAPIErrorRate
expr: rate(dochia_errors_total[5m]) / rate(dochia_tests_total[5m]) > 0.1
for: 2m
labels:
severity: critical
annotations:
summary: "High API error rate detected"
description: "API error rate is {{ $value | humanizePercentage }}"
- alert: APITestingDown
expr: up{job="dochia"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Dochia testing is down"
Log Aggregation
ELK Stack Integration
# Structured logging for Elasticsearch
# Premium version with --json:
# dochia test ... --json | jq -c '. + {...}' | filebeat
# Free version - process individual JSON reports:
dochia test --contract api.yml --server https://api.company.com \
--execution-stats \
--output ./reports
# Process individual JSON files for ELK
find ./reports -name "*.json" -newer ./reports/.last_processed 2>/dev/null | \
while read report; do
jq -c '. + {
"@timestamp": now | strftime("%Y-%m-%dT%H:%M:%S.%3NZ"),
"service": "dochia",
"environment": env.ENVIRONMENT,
"team": env.TEAM_NAME
}' "$report" | filebeat -e -c /etc/filebeat/filebeat.yml
done
touch ./reports/.last_processed
Splunk Integration
# Splunk HEC (HTTP Event Collector)
# Premium version with --json:
# dochia test ... --json | curl -X POST ...
# Free version - process individual JSON reports:
dochia test --contract api.yml --server https://api.company.com \
--output ./reports
# Send individual reports to Splunk
find ./reports -name "*.json" -newer ./reports/.last_splunk 2>/dev/null | \
while read report; do
curl -X POST "https://splunk.company.com:8088/services/collector" \
-H "Authorization: Splunk ${SPLUNK_TOKEN}" \
-H "Content-Type: application/json" \
-d @"$report"
done
touch ./reports/.last_splunk
Scaling Strategies
Horizontal Scaling
Kubernetes Deployment
# dochia-cronjob.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
name: dochia-api-tests
namespace: testing
spec:
schedule: "0 */4 * * *" # Every 4 hours
jobTemplate:
spec:
template:
spec:
containers:
- name: dochia
image: dochia/cli:latest
command:
- /bin/sh
- -c
- |
dochia test \
--contract /specs/api.yml \
--server https://api.company.com \
--config /config/dochia-prod.properties \
--output /reports
# Note: --json requires Premium version
# Free version generates individual JSON + HTML reports
volumeMounts:
- name: specs
mountPath: /specs
- name: config
mountPath: /config
- name: reports
mountPath: /reports
- name: results
mountPath: /results
env:
- name: API_TOKEN
valueFrom:
secretKeyRef:
name: api-credentials
key: token
volumes:
- name: specs
configMap:
name: api-specs
- name: config
configMap:
name: dochia-config
- name: reports
persistentVolumeClaim:
claimName: dochia-reports
- name: results
persistentVolumeClaim:
claimName: dochia-results
restartPolicy: OnFailure
Docker Swarm Deployment
# docker-compose.yml
version: '3.8'
services:
dochia-scheduler:
image: dochia/cli:latest
deploy:
replicas: 3
restart_policy:
condition: on-failure
environment:
- ENVIRONMENT=production
- TEAM_NAME=platform
volumes:
- ./specs:/specs:ro
- ./config:/config:ro
- reports:/reports
command: >
sh -c "
while true; do
dochia test --contract /specs/api.yml --server https://api.company.com \
--config /config/dochia-prod.properties \
--output /reports \
--timestamp-reports
sleep 3600
done
"
volumes:
reports:
driver: nfs
driver_opts:
share: nfs.company.com:/dochia-reports
Load Balancing Testing
# Test multiple API instances
API_INSTANCES=(
"api-1.company.com"
"api-2.company.com"
"api-3.company.com"
)
for instance in "${API_INSTANCES[@]}"; do
dochia test \
--contract api.yml \
--server "https://${instance}" \
--max-requests-per-minute 30 \
--output "./reports/${instance}" \
--header "X-Test-Instance=${instance}" &
done
wait
Governance & Compliance
API Contract Governance
Schema Validation Pipeline
#!/bin/bash
# validate-api-contracts.sh
SPECS_DIR="/specs"
VALIDATION_RESULTS="/tmp/validation-results.json"
echo "[]" > "${VALIDATION_RESULTS}"
for spec in "${SPECS_DIR}"/*.yml; do
service_name=$(basename "${spec}" .yml)
# Validate OpenAPI spec
dochia info --contract "${spec}" --json > "/tmp/${service_name}-info.json"
# Run contract tests (Premium version)
# dochia test --contract "${spec}" --server "..." --dry-run --json > "..."
# Free version - generate reports and parse
dochia test \
--contract "${spec}" \
--server "https://${service_name}.company.com" \
--dry-run \
--output "/tmp/${service_name}-reports"
# Parse individual JSON reports
find "/tmp/${service_name}-reports" -name "*.json" | \
jq -s 'add' > "/tmp/${service_name}-tests.json"
# Aggregate results
jq -s '.[0] + .[1] + {"service": "'${service_name}'", "timestamp": now}' \
"/tmp/${service_name}-info.json" \
"/tmp/${service_name}-tests.json" >> "${VALIDATION_RESULTS}"
done
Compliance Reporting
SOC 2 Compliance
# Generate compliance report
dochia test --contract api.yml --server https://api.company.com \
--execution-stats \
--detailed-execution-stats \
--mask-headers "Authorization,X-API-Key,X-Auth-Token" \
--output ./compliance-reports \
--timestamp-reports
# Premium version with --json:
# dochia test ... --json | jq '{...}' > "compliance-report.json"
# Free version - aggregate individual JSON reports:
find ./compliance-reports -name "*.json" | jq -s '
map(select(.statistics)) |
{
audit_timestamp: now | strftime("%Y-%m-%dT%H:%M:%S.%3NZ"),
test_execution: {
total_tests: map(.statistics.total_tests // 0) | add,
passed_tests: map((.statistics.total_tests // 0) - (.statistics.total_errors // 0)) | add,
failed_tests: map(.statistics.total_errors // 0) | add,
execution_time_ms: map(.statistics.execution_time_ms // 0) | add
},
security_measures: {
headers_masked: true,
ssl_verification: true,
rate_limited: true
},
compliance_status: (if (map(.statistics.total_errors // 0) | add) == 0 then "COMPLIANT" else "NON_COMPLIANT" end)
}' > "./compliance-reports/soc2-$(date +%Y%m%d-%H%M%S).json"
Audit Trail
# Comprehensive audit logging
exec > >(tee -a "/var/log/dochia/audit-$(date +%Y%m%d).log")
exec 2>&1
echo "$(date -Iseconds) [AUDIT] Starting API security test"
echo "$(date -Iseconds) [AUDIT] User: $(whoami)"
echo "$(date -Iseconds) [AUDIT] Environment: ${ENVIRONMENT}"
echo "$(date -Iseconds) [AUDIT] API Target: ${API_URL}"
dochia test \
--contract "${API_SPEC}" \
--server "${API_URL}" \
--config "configs/dochia-${ENVIRONMENT}.properties" \
--output "${REPORT_DIR}" \
--execution-stats
# Note: --json flag requires Premium version
# Free version generates individual JSON + HTML reports in REPORT_DIR
EXIT_CODE=$?
echo "$(date -Iseconds) [AUDIT] Test completed with exit code: ${EXIT_CODE}"
echo "$(date -Iseconds) [AUDIT] Reports saved to: ${REPORT_DIR}"
Performance Optimization
Resource Management
Memory Optimization
# Large-scale testing with memory constraints
dochia test --contract api.yml --server https://api.company.com \
--max-schema-combinations 5 \
--max-tested-fields 20 \
--max-fields-to-remove 3 \
--large-strings-size 1000
CPU Optimization
# Parallel execution across multiple cores
CORES=$(nproc)
SPECS=($(ls specs/*.yml))
SPECS_PER_CORE=$((${#SPECS[@]} / CORES))
for ((i=0; i<CORES; i++)); do
start=$((i * SPECS_PER_CORE))
end=$(((i + 1) * SPECS_PER_CORE))
for ((j=start; j<end && j<${#SPECS[@]}; j++)); do
spec=${SPECS[j]}
service=$(basename "${spec}" .yml)
dochia test \
--contract "${spec}" \
--server "https://${service}.company.com" \
--output "./reports/core-${i}/${service}" &
done
done
wait
Disaster Recovery
Backup Strategies
#!/bin/bash
# backup-dochia-assets.sh
BACKUP_DIR="/backups/dochia/$(date +%Y%m%d)"
mkdir -p "${BACKUP_DIR}"
# Backup specifications
tar -czf "${BACKUP_DIR}/specs.tar.gz" /specs/
# Backup configurations
tar -czf "${BACKUP_DIR}/configs.tar.gz" /configs/
# Backup recent reports
find /reports -mtime -7 -type f | tar -czf "${BACKUP_DIR}/recent-reports.tar.gz" -T -
# Upload to cloud storage
aws s3 sync "${BACKUP_DIR}" "s3://company-backups/dochia/$(date +%Y%m%d)/"
High Availability Setup
# ha-dochia-setup.yml
version: '3.8'
services:
dochia-primary:
image: dochia/cli:latest
environment:
- ROLE=primary
- HEALTH_CHECK_INTERVAL=30
healthcheck:
test: ["CMD", "dochia", "--version"]
interval: 30s
timeout: 10s
retries: 3
dochia-secondary:
image: dochia/cli:latest
environment:
- ROLE=secondary
- PRIMARY_HOST=dochia-primary
depends_on:
- dochia-primary
deploy:
replicas: 2
Best Practices Summary
Security Checklist
- ✅ Use service accounts with minimal required permissions
- ✅ Implement credential rotation (max 24 hours for production)
- ✅ Enable mTLS for internal API communication
- ✅ Mask sensitive headers in all reports and logs
- ✅ Use corporate proxy for external API access
- ✅ Implement network segmentation for testing infrastructure
Operational Checklist
- ✅ Set up comprehensive monitoring and alerting
- ✅ Implement automated backup and recovery procedures
- ✅ Configure rate limiting appropriate for each environment
- ✅ Establish clear escalation procedures for test failures
- ✅ Maintain audit trails for compliance requirements
- ✅ Regular security reviews of testing infrastructure
Performance Checklist
- ✅ Optimize resource usage for large API portfolios
- ✅ Implement parallel execution strategies
- ✅ Configure appropriate timeouts for different environments
- ✅ Monitor and tune rate limiting based on API capacity
- ✅ Use distributed testing for high-scale scenarios
See Also
- CI/CD Integration - Automated testing pipelines
- Performance Tuning - Detailed performance optimization
- Best Practices - General testing best practices
- Authentication Examples - Authentication patterns