codemie-test-harness 0.1.163__py3-none-any.whl → 0.1.165__py3-none-any.whl

codemie_test_harness/tests/utils/credentials_manager.py

@@ -0,0 +1,1358 @@
+"""
+Unified Credentials Manager with configuration-driven approach.
+Supports .env variables first, then AWS Parameter Store with JSON path navigation.
+"""
+
+import base64
+import json
+import os
+import re
+from typing import Optional, List, Dict, Any
+
+from codemie_test_harness.tests.utils.aws_parameters_store import AwsParameterStore
+from codemie_test_harness.tests.utils.env_resolver import EnvironmentResolver
+from codemie_sdk.models.integration import CredentialValues
+
+# Constants
+INTEGRATIONS_PARAMETER_PATH = "/codemie/autotests/integrations/"
+
+
+class CredentialsManager:
+    """
+    Unified credentials manager with configuration-driven approach.
+
+    Supports:
+    1. .env variables (highest priority)
+    2. AWS Parameter Store with JSON path navigation (fallback)
+    3. Default values (final fallback)
+    """
+
+    AUTO_GENERATED = "AUTO_GENERATED"
+
+    # Configuration mapping: env_var -> AWS parameter details
+    CREDENTIAL_MAPPINGS = {
+        # === JIRA CREDENTIALS ===
+        "JIRA_URL": {
+            "env": "JIRA_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}jira",
+            "aws_path": "jira_server.url",
+        },
+        "JIRA_TOKEN": {
+            "env": "JIRA_TOKEN",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}jira",
+            "aws_path": "jira_server.token",
+        },
+        "JIRA_JQL": {
+            "env": "JIRA_JQL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}jira",
+            "aws_path": "jira_server.jql",
+        },
+        "JIRA_CLOUD_URL": {
+            "env": "JIRA_CLOUD_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}jira",
+            "aws_path": "jira_cloud.url",
+        },
+        "JIRA_CLOUD_EMAIL": {
+            "env": "JIRA_CLOUD_EMAIL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}jira",
+            "aws_path": "jira_cloud.email",
+        },
+        "JIRA_CLOUD_TOKEN": {
+            "env": "JIRA_CLOUD_TOKEN",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}jira",
+            "aws_path": "jira_cloud.token",
+        },
+        "JIRA_CLOUD_JQL": {
+            "env": "JIRA_CLOUD_JQL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}jira",
+            "aws_path": "jira_cloud.jql",
+        },
+        # === CONFLUENCE CREDENTIALS ===
+        "CONFLUENCE_URL": {
+            "env": "CONFLUENCE_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}confluence",
+            "aws_path": "confluence_server.url",
+        },
+        "CONFLUENCE_TOKEN": {
+            "env": "CONFLUENCE_TOKEN",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}confluence",
+            "aws_path": "confluence_server.token",
+        },
+        "CONFLUENCE_CQL": {
+            "env": "CONFLUENCE_CQL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}confluence",
+            "aws_path": "confluence_server.cql",
+        },
+        "CONFLUENCE_CLOUD_URL": {
+            "env": "CONFLUENCE_CLOUD_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}confluence",
+            "aws_path": "confluence_cloud.url",
+        },
+        "CONFLUENCE_CLOUD_EMAIL": {
+            "env": "CONFLUENCE_CLOUD_EMAIL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}confluence",
+            "aws_path": "confluence_cloud.email",
+        },
+        "CONFLUENCE_CLOUD_TOKEN": {
+            "env": "CONFLUENCE_CLOUD_TOKEN",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}confluence",
+            "aws_path": "confluence_cloud.token",
+        },
+        "CONFLUENCE_CLOUD_CQL": {
+            "env": "CONFLUENCE_CLOUD_CQL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}confluence",
+            "aws_path": "confluence_cloud.cql",
+        },
+        # === GITLAB CREDENTIALS ===
+        "GITLAB_URL": {
+            "env": "GITLAB_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}git",
+            "aws_path": "gitlab.url",
+        },
+        "GITLAB_TOKEN": {
+            "env": "GITLAB_TOKEN",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}git",
+            "aws_path": "gitlab.token",
+        },
+        "GITLAB_PROJECT": {
+            "env": "GITLAB_PROJECT",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}git",
+            "aws_path": "gitlab.project",
+        },
+        "GITLAB_PROJECT_ID": {
+            "env": "GITLAB_PROJECT_ID",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}git",
+            "aws_path": "gitlab.project_id",
+        },
+        # === GITHUB CREDENTIALS ===
+        "GITHUB_URL": {
+            "env": "GITHUB_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}git",
+            "aws_path": "github.url",
+        },
+        "GITHUB_TOKEN": {
+            "env": "GITHUB_TOKEN",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}git",
+            "aws_path": "github.token",
+        },
+        "GITHUB_PROJECT": {
+            "env": "GITHUB_PROJECT",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}git",
+            "aws_path": "github.project",
+        },
+        # === AWS CREDENTIALS ===
+        "AWS_ACCESS_KEY_ID": {
+            "env": "AWS_ACCESS_KEY_ID",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}aws",
+            "aws_path": "access_key_id",
+        },
+        "AWS_SECRET_ACCESS_KEY": {
+            "env": "AWS_SECRET_ACCESS_KEY",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}aws",
+            "aws_path": "secret_access_key",
+        },
+        "AWS_REGION": {
+            "env": "AWS_REGION",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}aws",
+            "aws_path": "region",
+        },
+        "AWS_SESSION_TOKEN": {
+            "env": "AWS_SESSION_TOKEN",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}aws",
+            "aws_path": "session_token",
+        },
+        # === AZURE CREDENTIALS ===
+        "AZURE_CLIENT_ID": {
+            "env": "AZURE_CLIENT_ID",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}azure",
+            "aws_path": "client_id",
+        },
+        "AZURE_CLIENT_SECRET": {
+            "env": "AZURE_CLIENT_SECRET",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}azure",
+            "aws_path": "client_secret",
+        },
+        "AZURE_TENANT_ID": {
+            "env": "AZURE_TENANT_ID",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}azure",
+            "aws_path": "tenant_id",
+        },
+        "AZURE_SUBSCRIPTION_ID": {
+            "env": "AZURE_SUBSCRIPTION_ID",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}azure",
+            "aws_path": "subscription_id",
+        },
+        # === GCP CREDENTIALS ===
+        "GCP_PROJECT_ID": {
+            "env": "GCP_PROJECT_ID",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}gcp",
+            "aws_path": "projectId",
+        },
+        "GCP_CLIENT_EMAIL": {
+            "env": "GCP_CLIENT_EMAIL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}gcp",
+            "aws_path": "clientEmail",
+        },
+        "GCP_PRIVATE_KEY": {
+            "env": "GCP_PRIVATE_KEY",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}gcp",
+            "aws_path": "privateKey",
+        },
+        "GCP_SA_KEY_BASE64": {
+            "env": "GCP_SA_KEY_BASE64",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}gcp",
+            "aws_path": "sa_key_in_base64",
+        },
+        # === AZURE DEVOPS CREDENTIALS ===
+        "AZURE_DEVOPS_URL": {
+            "env": "AZURE_DEVOPS_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}azuredevops",
+            "aws_path": "url",
+        },
+        "AZURE_DEVOPS_TOKEN": {
+            "env": "AZURE_DEVOPS_TOKEN",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}azuredevops",
+            "aws_path": "personal_access_token",
+        },
+        "AZURE_DEVOPS_PROJECT_NAME": {
+            "env": "AZURE_DEVOPS_PROJECT_NAME",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}azuredevops",
+            "aws_path": "project_name",
+        },
+        "AZURE_DEVOPS_ORGANIZATION_NAME": {
+            "env": "AZURE_DEVOPS_ORGANIZATION_NAME",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}azuredevops",
+            "aws_path": "organization_name",
+        },
+        # === SERVICENOW CREDENTIALS ===
+        "SERVICENOW_URL": {
+            "env": "SERVICENOW_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}service_now",
+            "aws_path": "url",
+        },
+        "SERVICENOW_TOKEN": {
+            "env": "SERVICENOW_TOKEN",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}service_now",
+            "aws_path": "token",
+        },
+        # === KEYCLOAK CREDENTIALS ===
+        "KEYCLOAK_URL": {
+            "env": "KEYCLOAK_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}keycloak",
+            "aws_path": "url",
+        },
+        "KEYCLOAK_REALM": {
+            "env": "KEYCLOAK_REALM",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}keycloak",
+            "aws_path": "realm",
+        },
+        "KEYCLOAK_CLIENT_ID": {
+            "env": "KEYCLOAK_CLIENT_ID",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}keycloak",
+            "aws_path": "client_id",
+        },
+        "KEYCLOAK_CLIENT_SECRET": {
+            "env": "KEYCLOAK_CLIENT_SECRET",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}keycloak",
+            "aws_path": "client_secret",
+        },
+        # === SONAR CREDENTIALS ===
+        "SONAR_URL": {
+            "env": "SONAR_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sonar",
+            "aws_path": "sonar_server.url",
+        },
+        "SONAR_TOKEN": {
+            "env": "SONAR_TOKEN",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sonar",
+            "aws_path": "sonar_server.token",
+        },
+        "SONAR_PROJECT_KEY": {
+            "env": "SONAR_PROJECT_KEY",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sonar",
+            "aws_path": "sonar_server.projectKey",
+        },
+        "SONAR_CLOUD_URL": {
+            "env": "SONAR_CLOUD_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sonar",
+            "aws_path": "sonar_cloud.url",
+        },
+        "SONAR_CLOUD_TOKEN": {
+            "env": "SONAR_CLOUD_TOKEN",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sonar",
+            "aws_path": "sonar_cloud.token",
+        },
+        "SONAR_CLOUD_PROJECT_KEY": {
+            "env": "SONAR_CLOUD_PROJECT_KEY",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sonar",
+            "aws_path": "sonar_cloud.projectKey",
+        },
+        # === EMAIL/GMAIL CREDENTIALS ===
+        "GMAIL_URL": {
+            "env": "GMAIL_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}email",
+            "aws_path": "email.url",
+        },
+        "SMTP_USERNAME": {
+            "env": "SMTP_USERNAME",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}email",
+            "aws_path": "email.smtp_username",
+        },
+        "SMTP_PASSWORD": {
+            "env": "SMTP_PASSWORD",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}email",
+            "aws_path": "email.smtp_password",
+        },
+        # === OAUTH CREDENTIALS ===
+        "OAUTH_URL": {
+            "env": "OAUTH_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}email",
+            "aws_path": "oauth.url",
+        },
+        "OAUTH_CLIENT_ID": {
+            "env": "OAUTH_CLIENT_ID",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}email",
+            "aws_path": "oauth.client_id",
+        },
+        "OAUTH_CLIENT_SECRET": {
+            "env": "OAUTH_CLIENT_SECRET",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}email",
+            "aws_path": "oauth.client_secret",
+        },
+        "OAUTH_REFRESH_TOKEN": {
+            "env": "OAUTH_REFRESH_TOKEN",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}email",
+            "aws_path": "oauth.refresh_token",
+        },
+        # === TELEGRAM CREDENTIALS ===
+        "TELEGRAM_TOKEN": {
+            "env": "TELEGRAM_TOKEN",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}telegram",
+            "aws_path": "token",
+        },
+        "TELEGRAM_CHAT_ID": {
+            "env": "TELEGRAM_CHAT_ID",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}telegram",
+            "aws_path": "chat_id",
+        },
+        # === KUBERNETES CREDENTIALS ===
+        "KUBERNETES_URL": {
+            "env": "KUBERNETES_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}kubernetes",
+            "aws_path": "url",
+        },
+        "KUBERNETES_TOKEN": {
+            "env": "KUBERNETES_TOKEN",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}kubernetes",
+            "aws_path": "bearerToken",
+        },
+        # === REPORT PORTAL CREDENTIALS ===
+        "REPORT_PORTAL_URL": {
+            "env": "REPORT_PORTAL_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}reportportal",
+            "aws_path": "url",
+        },
+        "REPORT_PORTAL_API_KEY": {
+            "env": "REPORT_PORTAL_API_KEY",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}reportportal",
+            "aws_path": "api_key",
+        },
+        "REPORT_PORTAL_PROJECT": {
+            "env": "REPORT_PORTAL_PROJECT",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}reportportal",
+            "aws_path": "project",
+        },
+        # === ELASTICSEARCH CREDENTIALS (Preview Environment) ===
+        "ELASTICSEARCH_URL": {
+            "env": "ELASTICSEARCH_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}elastic",
+            "aws_path": "elasticsearch_preview.url",
+        },
+        "ELASTICSEARCH_API_KEY_ID": {
+            "env": "ELASTICSEARCH_API_KEY_ID",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}elastic",
+            "aws_path": "elasticsearch_preview.apiKeyId",
+        },
+        "ELASTICSEARCH_API_KEY": {
+            "env": "ELASTICSEARCH_API_KEY",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}elastic",
+            "aws_path": "elasticsearch_preview.apiKey",
+        },
+        # === ELASTICSEARCH CREDENTIALS (Sandbox Environment) ===
+        "SANDBOX_ELASTICSEARCH_URL": {
+            "env": "ELASTICSEARCH_URL",  # Same env var
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}elastic",
+            "aws_path": "elasticsearch_sandbox.url",
+        },
+        "SANDBOX_ELASTICSEARCH_API_KEY_ID": {
+            "env": "ELASTICSEARCH_API_KEY_ID",  # Same env var
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}elastic",
+            "aws_path": "elasticsearch_sandbox.apiKeyId",
+        },
+        "SANDBOX_ELASTICSEARCH_API_KEY": {
+            "env": "ELASTICSEARCH_API_KEY",  # Same env var
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}elastic",
+            "aws_path": "elasticsearch_sandbox.apiKey",
+        },
+        # === LITE LLM CREDENTIALS ===
+        "LITE_LLM_API_KEY": {
+            "env": "LITE_LLM_API_KEY",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}litellm",
+            "aws_path": "api_key",
+        },
+        # === SQL CREDENTIALS (Environment-based) ===
+        # Preview MySQL
+        "PREVIEW_MYSQL_DIALECT": {
+            "env": "MYSQL_DIALECT",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "preview.mysql.dialect",
+        },
+        "PREVIEW_MYSQL_URL": {
+            "env": "MYSQL_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "preview.mysql.url",
+        },
+        "PREVIEW_MYSQL_PORT": {
+            "env": "MYSQL_PORT",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "preview.mysql.port",
+        },
+        "PREVIEW_MYSQL_DATABASE_NAME": {
+            "env": "MYSQL_DATABASE_NAME",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "preview.mysql.database_name",
+        },
+        "PREVIEW_MYSQL_USERNAME": {
+            "env": "MYSQL_USERNAME",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "preview.mysql.username",
+        },
+        "PREVIEW_MYSQL_PASSWORD": {
+            "env": "MYSQL_PASSWORD",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "preview.mysql.password",
+        },
+        # Sandbox MySQL
+        "SANDBOX_MYSQL_DIALECT": {
+            "env": "MYSQL_DIALECT",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "sandbox.mysql.dialect",
+        },
+        "SANDBOX_MYSQL_URL": {
+            "env": "MYSQL_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "sandbox.mysql.url",
+        },
+        "SANDBOX_MYSQL_PORT": {
+            "env": "MYSQL_PORT",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "sandbox.mysql.port",
+        },
+        "SANDBOX_MYSQL_DATABASE_NAME": {
+            "env": "MYSQL_DATABASE_NAME",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "sandbox.mysql.database_name",
+        },
+        "SANDBOX_MYSQL_USERNAME": {
+            "env": "MYSQL_USERNAME",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "sandbox.mysql.username",
+        },
+        "SANDBOX_MYSQL_PASSWORD": {
+            "env": "MYSQL_PASSWORD",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "sandbox.mysql.password",
+        },
+        # Preview PostgreSQL
+        "PREVIEW_POSTGRES_DIALECT": {
+            "env": "POSTGRES_DIALECT",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "preview.postgres.dialect",
+        },
+        "PREVIEW_POSTGRES_URL": {
+            "env": "POSTGRES_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "preview.postgres.url",
+        },
+        "PREVIEW_POSTGRES_PORT": {
+            "env": "POSTGRES_PORT",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "preview.postgres.port",
+        },
+        "PREVIEW_POSTGRES_DATABASE_NAME": {
+            "env": "POSTGRES_DATABASE_NAME",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "preview.postgres.database_name",
+        },
+        "PREVIEW_POSTGRES_USERNAME": {
+            "env": "POSTGRES_USERNAME",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "preview.postgres.username",
+        },
+        "PREVIEW_POSTGRES_PASSWORD": {
+            "env": "POSTGRES_PASSWORD",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "preview.postgres.password",
+        },
+        # Sandbox PostgreSQL
+        "SANDBOX_POSTGRES_DIALECT": {
+            "env": "POSTGRES_DIALECT",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "sandbox.postgres.dialect",
+        },
+        "SANDBOX_POSTGRES_URL": {
+            "env": "POSTGRES_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "sandbox.postgres.url",
+        },
+        "SANDBOX_POSTGRES_PORT": {
+            "env": "POSTGRES_PORT",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "sandbox.postgres.port",
+        },
+        "SANDBOX_POSTGRES_DATABASE_NAME": {
+            "env": "POSTGRES_DATABASE_NAME",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "sandbox.postgres.database_name",
+        },
+        "SANDBOX_POSTGRES_USERNAME": {
+            "env": "POSTGRES_USERNAME",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "sandbox.postgres.username",
+        },
+        "SANDBOX_POSTGRES_PASSWORD": {
+            "env": "POSTGRES_PASSWORD",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "sandbox.postgres.password",
+        },
+        # Sandbox MSSQL (only available in sandbox)
+        "SANDBOX_MSSQL_DIALECT": {
+            "env": "MSSQL_DIALECT",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "sandbox.mssql.dialect",
+        },
+        "SANDBOX_MSSQL_URL": {
+            "env": "MSSQL_URL",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "sandbox.mssql.url",
+        },
+        "SANDBOX_MSSQL_PORT": {
+            "env": "MSSQL_PORT",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "sandbox.mssql.port",
+        },
+        "SANDBOX_MSSQL_DATABASE_NAME": {
+            "env": "MSSQL_DATABASE_NAME",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "sandbox.mssql.database_name",
+        },
+        "SANDBOX_MSSQL_USERNAME": {
+            "env": "MSSQL_USERNAME",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "sandbox.mssql.username",
+        },
+        "SANDBOX_MSSQL_PASSWORD": {
+            "env": "MSSQL_PASSWORD",
+            "aws_param": f"{INTEGRATIONS_PARAMETER_PATH}sql",
+            "aws_path": "sandbox.mssql.password",
+        },
+    }
+
+    # Cache for AWS Parameter Store data to avoid repeated calls
+    _aws_cache: Dict[str, Dict[str, Any]] = {}
+
+    @staticmethod
+    def get_parameter(key: str, default: Optional[str] = "") -> Optional[str]:
+        """
+        Get parameter value using configuration-driven approach.
+
+        Priority:
+        1. Environment variable (.env file)
+        2. AWS Parameter Store (with JSON path navigation)
+        3. Configuration mapping default value
+        4. Provided default value
+
+        Args:
+            key: The parameter key (e.g., "JIRA_URL")
+            default: Default value if not found
+
+        Returns:
+            Parameter value or default
+        """
+        # 1. Try environment variable first (highest priority)
+        env_value = os.getenv(key)
+        if env_value is not None:
+            return env_value
+
+        # 2. Try AWS Parameter Store using configuration mapping
+        if key in CredentialsManager.CREDENTIAL_MAPPINGS:
+            config = CredentialsManager.CREDENTIAL_MAPPINGS[key]
+            aws_value = CredentialsManager._get_aws_parameter_with_path(
+                config["aws_param"], config["aws_path"]
+            )
+            if aws_value is not None:
+                return aws_value
+
+            # 3. Try configuration mapping default value
+            config_default = config.get("default", "")
+            if config_default is not None:
+                return config_default
+
+        return default
+
+    @staticmethod
+    def _get_aws_parameter_with_path(aws_param: str, json_path: str) -> Optional[str]:
+        """
+        Get value from AWS Parameter Store JSON using dot notation path.
+
+        Args:
+            aws_param: AWS Parameter Store parameter name (e.g., "/codemie/autotests/integrations/jira")
+            json_path: Dot notation path (e.g., "jira.url" or "jiracloud.token")
+
+        Returns:
+            Value at the specified path or None
+        """
+        try:
+            # Get AWS credentials from environment
+            aws_access_key = os.getenv("AWS_ACCESS_KEY", "")
+            aws_secret_key = os.getenv("AWS_SECRET_KEY", "")
+            aws_session_token = os.getenv("AWS_SESSION_TOKEN", "")
+
+            # Skip AWS Parameter Store if no credentials available
+            if not aws_access_key or not aws_secret_key:
+                return None
+
+            # Use cache to avoid repeated AWS calls for same parameter
+            if aws_param not in CredentialsManager._aws_cache:
+                aws_store = AwsParameterStore.get_instance(
+                    aws_access_key, aws_secret_key, aws_session_token
+                )
+                raw_value = aws_store.get_parameter(aws_param)
+                if raw_value:
+                    CredentialsManager._aws_cache[aws_param] = json.loads(raw_value)
+                else:
+                    CredentialsManager._aws_cache[aws_param] = {}
+
+            # Navigate the JSON structure using dot notation
+            data = CredentialsManager._aws_cache[aws_param]
+            path_parts = json_path.split(".")
+
+            current = data
+            for part in path_parts:
+                if isinstance(current, dict) and part in current:
+                    current = current[part]
+                else:
+                    return None
+
+            return current
+
+        except Exception:
+            # Silently handle AWS errors (credentials not available, parameter doesn't exist, etc.)
+            return None
+
+    # === CREDENTIAL METHODS ===
+
+    @staticmethod
+    def jira_credentials() -> List[CredentialValues]:
+        """Create Jira Cloud credentials using configuration-driven approach."""
+        return [
+            CredentialValues(
+                key="url", value=CredentialsManager.get_parameter("JIRA_URL")
+            ),
+            CredentialValues(
+                key="token", value=CredentialsManager.get_parameter("JIRA_TOKEN")
+            ),
+            CredentialValues(key="username", value=""),
+        ]
+
+    @staticmethod
+    def jira_cloud_credentials() -> List[CredentialValues]:
+        """Create Jira Cloud credentials using configuration-driven approach."""
+        return [
+            CredentialValues(
+                key="url", value=CredentialsManager.get_parameter("JIRA_CLOUD_URL")
+            ),
+            CredentialValues(
+                key="username",
+                value=CredentialsManager.get_parameter("JIRA_CLOUD_EMAIL"),
+            ),
+            CredentialValues(
+                key="token", value=CredentialsManager.get_parameter("JIRA_CLOUD_TOKEN")
+            ),
+            CredentialValues(key="is_cloud", value=True),
+        ]
+
+    @staticmethod
+    def confluence_credentials() -> List[CredentialValues]:
+        """Create Confluence credentials using configuration-driven approach."""
+        return [
+            CredentialValues(
+                key="url", value=CredentialsManager.get_parameter("CONFLUENCE_URL")
+            ),
+            CredentialValues(key="username", value=""),
+            CredentialValues(
+                key="token", value=CredentialsManager.get_parameter("CONFLUENCE_TOKEN")
+            ),
+        ]
+
+    @staticmethod
+    def confluence_cloud_credentials() -> List[CredentialValues]:
+        """Create Confluence Cloud credentials using configuration-driven approach."""
+        return [
+            CredentialValues(
+                key="url",
+                value=CredentialsManager.get_parameter("CONFLUENCE_CLOUD_URL"),
+            ),
+            CredentialValues(
+                key="username",
+                value=CredentialsManager.get_parameter("CONFLUENCE_CLOUD_EMAIL"),
+            ),
+            CredentialValues(
+                key="token",
+                value=CredentialsManager.get_parameter("CONFLUENCE_CLOUD_TOKEN"),
+            ),
+            CredentialValues(key="is_cloud", value=True),
+        ]
+
+    @staticmethod
+    def gitlab_credentials() -> List[CredentialValues]:
+        """Create GitLab credentials using configuration-driven approach."""
+        return [
+            CredentialValues(
+                key="url", value=CredentialsManager.get_parameter("GITLAB_URL")
+            ),
+            CredentialValues(key="name", value=""),
+            CredentialValues(
+                key="token", value=CredentialsManager.get_parameter("GITLAB_TOKEN")
+            ),
+        ]
+
+    @staticmethod
+    def github_credentials() -> List[CredentialValues]:
+        """Create GitHub credentials using configuration-driven approach."""
+        return [
+            CredentialValues(
+                key="url", value=CredentialsManager.get_parameter("GITHUB_URL")
+            ),
+            CredentialValues(key="name", value=""),
+            CredentialValues(
+                key="token", value=CredentialsManager.get_parameter("GITHUB_TOKEN")
+            ),
+        ]
+
+    @staticmethod
+    def aws_credentials() -> List[CredentialValues]:
+        """Create AWS credentials using configuration-driven approach."""
+        return [
+            CredentialValues(
+                key="aws_access_key_id",
+                value=CredentialsManager.get_parameter("AWS_ACCESS_KEY_ID"),
+            ),
+            CredentialValues(
+                key="aws_secret_access_key",
+                value=CredentialsManager.get_parameter("AWS_SECRET_ACCESS_KEY"),
+            ),
+            CredentialValues(
+                key="aws_region", value=CredentialsManager.get_parameter("AWS_REGION")
+            ),
+        ]
+
+    @staticmethod
+    def azure_credentials() -> List[CredentialValues]:
+        """Create Azure credentials using configuration-driven approach."""
+        return [
+            CredentialValues(
+                key="azure_client_id",
+                value=CredentialsManager.get_parameter("AZURE_CLIENT_ID"),
+            ),
+            CredentialValues(
+                key="azure_client_secret",
+                value=CredentialsManager.get_parameter("AZURE_CLIENT_SECRET"),
+            ),
+            CredentialValues(
+                key="azure_tenant_id",
+                value=CredentialsManager.get_parameter("AZURE_TENANT_ID"),
+            ),
+            CredentialValues(
+                key="azure_subscription_id",
+                value=CredentialsManager.get_parameter("AZURE_SUBSCRIPTION_ID"),
+            ),
+        ]
+
+    @staticmethod
+    def gcp_credentials() -> List[CredentialValues]:
+        """Create GCP credentials using configuration-driven approach."""
+        sa_key_in_base64 = CredentialsManager.get_parameter("GCP_SA_KEY_BASE64")
+        gcp_api_key = base64.b64decode(sa_key_in_base64).decode()
+        return [
+            CredentialValues(
+                key="gcp_api_key",
+                value=gcp_api_key,
+            ),
+        ]
+
+    @staticmethod
+    def azure_devops_credentials() -> List[CredentialValues]:
+        """Create Azure DevOps credentials using configuration-driven approach."""
+        return [
+            CredentialValues(
+                key="url", value=CredentialsManager.get_parameter("AZURE_DEVOPS_URL")
+            ),
+            CredentialValues(
+                key="project",
+                value=CredentialsManager.get_parameter("AZURE_DEVOPS_PROJECT_NAME"),
+            ),
+            CredentialValues(
+                key="organization",
+                value=CredentialsManager.get_parameter(
+                    "AZURE_DEVOPS_ORGANIZATION_NAME"
+                ),
+            ),
+            CredentialValues(
+                key="token",
+                value=CredentialsManager.get_parameter("AZURE_DEVOPS_TOKEN"),
+            ),
+        ]
+
+    @staticmethod
+    def servicenow_credentials() -> List[CredentialValues]:
+        """Create ServiceNow credentials using configuration-driven approach."""
+        return [
+            CredentialValues(
+                key="url", value=CredentialsManager.get_parameter("SERVICENOW_URL")
+            ),
+            CredentialValues(
+                key="api_key",
+                value=CredentialsManager.get_parameter("SERVICENOW_TOKEN"),
+            ),
+        ]
+
+    @staticmethod
+    def keycloak_credentials() -> List[CredentialValues]:
+        """Create Keycloak admin credentials using configuration-driven approach."""
+        return [
+            CredentialValues(
+                key="url", value=CredentialsManager.get_parameter("KEYCLOAK_URL")
+            ),
+            CredentialValues(
+                key="realm", value=CredentialsManager.get_parameter("KEYCLOAK_REALM")
+            ),
+            CredentialValues(
+                key="client_id",
+                value=CredentialsManager.get_parameter("KEYCLOAK_CLIENT_ID"),
+            ),
+            CredentialValues(
+                key="client_secret",
+                value=CredentialsManager.get_parameter("KEYCLOAK_CLIENT_SECRET"),
+            ),
+        ]
+
+    # === SPECIAL QUERY METHODS ===
+
+    @staticmethod
+    def jira_jql() -> str:
+        """Get Jira Server JQL using configuration-driven approach."""
+        return CredentialsManager.get_parameter("JIRA_JQL")
+
+    @staticmethod
+    def jira_cloud_jql() -> str:
+        """Get Jira Cloud JQL using configuration-driven approach."""
+        return CredentialsManager.get_parameter("JIRA_CLOUD_JQL")
+
+    @staticmethod
+    def confluence_cql() -> str:
+        """Get Confluence CQL using configuration-driven approach."""
+        return CredentialsManager.get_parameter("CONFLUENCE_CQL")
+
+    @staticmethod
+    def confluence_cloud_cql() -> str:
+        """Get Confluence Cloud CQL using configuration-driven approach."""
+        return CredentialsManager.get_parameter("CONFLUENCE_CLOUD_CQL")
+
+    @staticmethod
+    def sonar_credentials() -> List[CredentialValues]:
+        """Create SonarQube credentials using configuration-driven approach."""
+        return [
+            CredentialValues(
+                key="url", value=CredentialsManager.get_parameter("SONAR_URL")
+            ),
+            CredentialValues(
+                key="token", value=CredentialsManager.get_parameter("SONAR_TOKEN")
+            ),
+            CredentialValues(
+                key="sonar_project_name",
+                value=CredentialsManager.get_parameter("SONAR_PROJECT_KEY"),
+            ),
+        ]
+
+    @staticmethod
+    def sonar_cloud_credentials() -> List[CredentialValues]:
+        """Create SonarCloud credentials using configuration-driven approach."""
+        return [
+            CredentialValues(
+                key="url", value=CredentialsManager.get_parameter("SONAR_CLOUD_URL")
+            ),
+            CredentialValues(
+                key="token", value=CredentialsManager.get_parameter("SONAR_CLOUD_TOKEN")
+            ),
+            CredentialValues(
+                key="sonar_project_name",
+                value=CredentialsManager.get_parameter("SONAR_CLOUD_PROJECT_KEY"),
+            ),
+        ]
+
+    @staticmethod
+    def gmail_credentials() -> List[CredentialValues]:
+        """Create Gmail credentials using configuration-driven approach."""
+        return [
+            CredentialValues(
+                key="url", value=CredentialsManager.get_parameter("GMAIL_URL")
+            ),
+            CredentialValues(
+                key="smtp_username",
+                value=CredentialsManager.get_parameter("SMTP_USERNAME"),
+            ),
+            CredentialValues(
+                key="smtp_password",
+                value=CredentialsManager.get_parameter("SMTP_PASSWORD"),
+            ),
+        ]
+
+    @staticmethod
+    def oauth_credentials() -> List[CredentialValues]:
+        """Create OAuth credentials using configuration-driven approach."""
+        return [
+            CredentialValues(
+                key="url", value=CredentialsManager.get_parameter("OAUTH_URL")
+            ),
+            CredentialValues(
+                key="client_id",
+                value=CredentialsManager.get_parameter("OAUTH_CLIENT_ID"),
+            ),
+            CredentialValues(
+                key="client_secret",
+                value=CredentialsManager.get_parameter("OAUTH_CLIENT_SECRET"),
+            ),
+            CredentialValues(
+                key="refresh_token",
+                value=CredentialsManager.get_parameter("OAUTH_REFRESH_TOKEN"),
+            ),
+        ]
+
+    @staticmethod
+    def telegram_credentials() -> List[CredentialValues]:
+        """Create Telegram credentials using configuration-driven approach."""
+        return [
+            CredentialValues(
+                key="token", value=CredentialsManager.get_parameter("TELEGRAM_TOKEN")
+            ),
+            CredentialValues(
+                key="chat_id",
+                value=CredentialsManager.get_parameter("TELEGRAM_CHAT_ID"),
+            ),
+        ]
+
+    @staticmethod
+    def kubernetes_credentials() -> List[CredentialValues]:
+        """Create Kubernetes credentials using configuration-driven approach."""
+        return [
+            CredentialValues(key="url", value=CredentialsManager.AUTO_GENERATED),
+            CredentialValues(
+                key="kubernetes_url",
+                value=CredentialsManager.get_parameter("KUBERNETES_URL"),
+            ),
+            CredentialValues(
+                key="kubernetes_token",
+                value=CredentialsManager.get_parameter("KUBERNETES_TOKEN"),
+            ),
+        ]
+
+    @staticmethod
+    def report_portal_credentials() -> List[CredentialValues]:
+        """Create Report Portal credentials using configuration-driven approach."""
+        return [
+            CredentialValues(
+                key="url", value=CredentialsManager.get_parameter("REPORT_PORTAL_URL")
+            ),
+            CredentialValues(
+                key="project",
+                value=CredentialsManager.get_parameter("REPORT_PORTAL_PROJECT"),
+            ),
+            CredentialValues(
+                key="api_key",
+                value=CredentialsManager.get_parameter("REPORT_PORTAL_API_KEY"),
+            ),
+        ]
+
+    @staticmethod
+    def elasticsearch_credentials() -> List[CredentialValues]:
+        """Create Elasticsearch credentials using environment-aware configuration-driven approach.
+
+        Uses different JSON paths based on environment:
+        - Preview environment: elasticsearch.*
+        - Sandbox environments (azure, gcp, aws): sandbox.elasticsearch.*
+        """
+        # Check if we're in a sandbox environment
+        is_sandbox = EnvironmentResolver.is_sandbox()
+
+        if is_sandbox:
+            # For sandbox environments, use sandbox.elasticsearch.* paths
+            url = CredentialsManager.get_parameter("SANDBOX_ELASTICSEARCH_URL")
+            api_key_id = CredentialsManager.get_parameter(
+                "SANDBOX_ELASTICSEARCH_API_KEY_ID"
+            )
+            api_key = CredentialsManager.get_parameter("SANDBOX_ELASTICSEARCH_API_KEY")
+        else:
+            # For preview environment, use elasticsearch.* paths
+            url = CredentialsManager.get_parameter("ELASTICSEARCH_URL")
+            api_key_id = CredentialsManager.get_parameter("ELASTICSEARCH_API_KEY_ID")
+            api_key = CredentialsManager.get_parameter("ELASTICSEARCH_API_KEY")
+
+        return [
+            CredentialValues(key="url", value=url),
+            CredentialValues(key="elastic_api_key_id", value=api_key_id),
+            CredentialValues(key="elastic_api_key", value=api_key),
+        ]
+
+    @staticmethod
+    def mcp_credentials() -> List[CredentialValues]:
+        return [CredentialValues(key="ALLOWED_COMMANDS", value="ls,echo,mkdir")]
+
+    @staticmethod
+    def file_system_credentials() -> List[CredentialValues]:
+        """Create File System credentials using configuration-driven approach."""
+        return [
+            CredentialValues(key="url", value=CredentialsManager.AUTO_GENERATED),
+            CredentialValues(key="root_directory", value="/"),
+        ]
+
+    @staticmethod
+    def lite_llm_credentials() -> List[CredentialValues]:
+        """Create LiteLLM credentials using configuration-driven approach."""
+        return [
+            CredentialValues(
+                key="api_key",
+                value=CredentialsManager.get_parameter("LITE_LLM_API_KEY"),
+            ),
+        ]
+
+    @staticmethod
+    def mysql_credentials() -> List[CredentialValues]:
+        """Create MySQL credentials using environment-aware configuration-driven approach.
+
+        Uses different JSON paths based on environment:
+        - Preview environment: preview.mysql.*
+        - Sandbox environment: sandbox.mysql.*
+        """
+        # Check if we're in a sandbox environment
+        is_sandbox = EnvironmentResolver.is_sandbox()
+
+        if is_sandbox:
+            # For sandbox environments, use sandbox.mysql.* paths
+            dialect = CredentialsManager.get_parameter("SANDBOX_MYSQL_DIALECT")
+            url = CredentialsManager.get_parameter("SANDBOX_MYSQL_URL")
+            port = CredentialsManager.get_parameter("SANDBOX_MYSQL_PORT")
+            database_name = CredentialsManager.get_parameter(
+                "SANDBOX_MYSQL_DATABASE_NAME"
+            )
+            username = CredentialsManager.get_parameter("SANDBOX_MYSQL_USERNAME")
+            password = CredentialsManager.get_parameter("SANDBOX_MYSQL_PASSWORD")
+        else:
+            # For preview environment, use preview.mysql.* paths
+            dialect = CredentialsManager.get_parameter("PREVIEW_MYSQL_DIALECT")
+            url = CredentialsManager.get_parameter("PREVIEW_MYSQL_URL")
+            port = CredentialsManager.get_parameter("PREVIEW_MYSQL_PORT")
+            database_name = CredentialsManager.get_parameter(
+                "PREVIEW_MYSQL_DATABASE_NAME"
+            )
+            username = CredentialsManager.get_parameter("PREVIEW_MYSQL_USERNAME")
+            password = CredentialsManager.get_parameter("PREVIEW_MYSQL_PASSWORD")
+
+        return [
+            CredentialValues(key="dialect", value=dialect),
+            CredentialValues(key="url", value=url),
+            CredentialValues(key="port", value=port),
+            CredentialValues(key="database_name", value=database_name),
+            CredentialValues(key="username", value=username),
+            CredentialValues(key="password", value=password),
+        ]
+
+    @staticmethod
+    def postgres_credentials() -> List[CredentialValues]:
+        """Create PostgreSQL credentials using environment-aware configuration-driven approach.
+
+        Uses different JSON paths based on environment:
+        - Preview environment: preview.postgres.*
+        - Sandbox environment: sandbox.postgres.*
+        """
+        # Check if we're in a sandbox environment
+        is_sandbox = EnvironmentResolver.is_sandbox()
+
+        if is_sandbox:
+            # For sandbox environments, use sandbox.postgres.* paths
+            dialect = CredentialsManager.get_parameter("SANDBOX_POSTGRES_DIALECT")
+            url = CredentialsManager.get_parameter("SANDBOX_POSTGRES_URL")
+            port = CredentialsManager.get_parameter("SANDBOX_POSTGRES_PORT")
+            database_name = CredentialsManager.get_parameter(
+                "SANDBOX_POSTGRES_DATABASE_NAME"
+            )
+            username = CredentialsManager.get_parameter("SANDBOX_POSTGRES_USERNAME")
+            password = CredentialsManager.get_parameter("SANDBOX_POSTGRES_PASSWORD")
+        else:
+            # For preview environment, use preview.postgres.* paths
+            dialect = CredentialsManager.get_parameter("PREVIEW_POSTGRES_DIALECT")
+            url = CredentialsManager.get_parameter("PREVIEW_POSTGRES_URL")
+            port = CredentialsManager.get_parameter("PREVIEW_POSTGRES_PORT")
+            database_name = CredentialsManager.get_parameter(
+                "PREVIEW_POSTGRES_DATABASE_NAME"
+            )
+            username = CredentialsManager.get_parameter("PREVIEW_POSTGRES_USERNAME")
+            password = CredentialsManager.get_parameter("PREVIEW_POSTGRES_PASSWORD")
+
+        return [
+            CredentialValues(key="dialect", value=dialect),
+            CredentialValues(key="url", value=url),
+            CredentialValues(key="port", value=port),
+            CredentialValues(key="database_name", value=database_name),
+            CredentialValues(key="username", value=username),
+            CredentialValues(key="password", value=password),
+        ]
+
+    @staticmethod
+    def mssql_credentials() -> List[CredentialValues]:
+        """Create MSSQL credentials using configuration-driven approach.
+
+        MSSQL is only available in sandbox environment.
+        """
+        # MSSQL is only available in sandbox
+        dialect = CredentialsManager.get_parameter("SANDBOX_MSSQL_DIALECT")
+        url = CredentialsManager.get_parameter("SANDBOX_MSSQL_URL")
+        port = CredentialsManager.get_parameter("SANDBOX_MSSQL_PORT")
+        database_name = CredentialsManager.get_parameter("SANDBOX_MSSQL_DATABASE_NAME")
+        username = CredentialsManager.get_parameter("SANDBOX_MSSQL_USERNAME")
+        password = CredentialsManager.get_parameter("SANDBOX_MSSQL_PASSWORD")
+
+        return [
+            CredentialValues(key="dialect", value=dialect),
+            CredentialValues(key="url", value=url),
+            CredentialValues(key="port", value=port),
+            CredentialValues(key="database_name", value=database_name),
+            CredentialValues(key="username", value=username),
+            CredentialValues(key="password", value=password),
+        ]
+
+    @staticmethod
+    def sql_credentials(db_dialect: str) -> list[CredentialValues] | None:
+        """Create SQL credentials using environment-aware configuration-driven approach.
+
+        Args:
+            db_dialect: Database dialect ('mysql', 'postgres', 'mssql')
+
+        Returns:
+            List of credential values for the specified database dialect
+        """
+        if db_dialect.lower() == "mysql":
+            return CredentialsManager.mysql_credentials()
+        elif db_dialect.lower() in ["postgres", "postgresql"]:
+            return CredentialsManager.postgres_credentials()
+        elif db_dialect.lower() in ["mssql", "sqlserver"]:
+            return CredentialsManager.mssql_credentials()
+
+    @staticmethod
+    def open_api_credentials(token: str) -> List[CredentialValues]:
+        openapi_path = os.path.join(
+            os.path.dirname(__file__), "../test_data/openapi.json"
+        )
+        with open(openapi_path, "r") as openapi_json_file:
+            openapi_spec = json.load(openapi_json_file)
+
+        return [
+            CredentialValues(key="url", value=CredentialsManager.AUTO_GENERATED),
+            CredentialValues(key="openapi_api_key", value=f"Bearer {token}"),
+            CredentialValues(
+                key="openapi_spec",
+                value=json.dumps(openapi_spec, indent=4).replace(
+                    "CODEMIE_API_DOMAIN", os.getenv("CODEMIE_API_DOMAIN")
+                ),
+            ),
+        ]
+
+    @staticmethod
+    def plugin_credentials(plugin_key) -> List[CredentialValues]:
+        return [
+            CredentialValues(key="url", value=CredentialsManager.AUTO_GENERATED),
+            CredentialValues(key="plugin_key", value=plugin_key),
+        ]
+
+    # === INVALID CREDENTIALS FOR TESTING ===
+
+    @staticmethod
+    def invalid_jira_credentials() -> List[CredentialValues]:
+        """Create invalid Jira credentials for testing."""
+        credentials = CredentialsManager.jira_credentials()
+        for cred in credentials:
+            if cred.key == "token":
+                cred.value = "wrong_token"
+        return credentials
+
+    @staticmethod
+    def invalid_gitlab_credentials() -> List[CredentialValues]:
+        """Create invalid GitLab credentials for testing."""
+        credentials = CredentialsManager.gitlab_credentials()
+        for cred in credentials:
+            if cred.key == "token":
+                cred.value = "wrong_token"
+        return credentials
+
+    @staticmethod
+    def invalid_github_credentials() -> List[CredentialValues]:
+        """Create invalid GitHub credentials for testing."""
+        credentials = CredentialsManager.github_credentials()
+        for cred in credentials:
+            if cred.key == "token":
+                cred.value = "wrong_token"
+        return credentials
+
+    @staticmethod
+    def invalid_confluence_credentials() -> List[CredentialValues]:
+        """Create invalid Confluence credentials for testing."""
+        credentials = CredentialsManager.confluence_credentials()
+        for cred in credentials:
+            if cred.key == "token":
+                cred.value = "wrong_token"
+        return credentials
+
+    @staticmethod
+    def invalid_aws_credentials() -> List[CredentialValues]:
+        """Create invalid AWS credentials for testing."""
+        credentials = CredentialsManager.aws_credentials()
+        for cred in credentials:
+            if cred.key == "aws_secret_access_key":
+                cred.value = re.sub(r"\d", "0", cred.value)
+
+        return credentials
+
+    @staticmethod
+    def invalid_azure_credentials() -> List[CredentialValues]:
+        """Create invalid Azure credentials for testing."""
+        credentials = CredentialsManager.azure_credentials()
+        for cred in credentials:
+            if cred.key == "azure_client_secret":
+                cred.value = "wrong_secret"
+        return credentials
+
+    @staticmethod
+    def invalid_gcp_credentials():
+        credentials = CredentialsManager.gcp_credentials()
+        for cred in credentials:
+            if cred.key == "gcp_api_key":
+                cred.value = re.sub(r"\d", "0", cred.value)
+
+        return credentials
+
+    @staticmethod
+    def invalid_sonar_credentials() -> List[CredentialValues]:
+        """Create invalid SonarQube credentials for testing."""
+        credentials = CredentialsManager.sonar_credentials()
+        for cred in credentials:
+            if cred.key == "token":
+                cred.value = "wrong_token"
+        return credentials
+
+    @staticmethod
+    def invalid_sonar_cloud_credentials() -> List[CredentialValues]:
+        """Create invalid SonarCloud credentials for testing."""
+        credentials = CredentialsManager.sonar_cloud_credentials()
+        for cred in credentials:
+            if cred.key == "token":
+                cred.value = "wrong_token"
+        return credentials
+
+    @staticmethod
+    def invalid_gmail_credentials() -> List[CredentialValues]:
+        """Create invalid Gmail credentials for testing."""
+        credentials = CredentialsManager.gmail_credentials()
+        for cred in credentials:
+            if cred.key == "smtp_password":
+                cred.value = "wrong_password"
+        return credentials
+
+    @staticmethod
+    def invalid_servicenow_credentials() -> List[CredentialValues]:
+        """Create invalid ServiceNow credentials for testing."""
+        credentials = CredentialsManager.servicenow_credentials()
+        for cred in credentials:
+            if cred.key == "api_key":
+                cred.value = "wrong_token"
+        return credentials
+
+    @staticmethod
+    def invalid_kubernetes_credentials() -> List[CredentialValues]:
+        """Create invalid Kubernetes credentials for testing."""
+        credentials = CredentialsManager.kubernetes_credentials()
+        for cred in credentials:
+            if cred.key == "kubernetes_token":
+                cred.value = "wrong_token"
+        return credentials
+
+    @staticmethod
+    def invalid_report_portal_credentials() -> List[CredentialValues]:
+        """Create invalid Report Portal credentials for testing."""
+        credentials = CredentialsManager.report_portal_credentials()
+        for cred in credentials:
+            if cred.key == "api_key":
+                cred.value = "wrong_api_key"
+        return credentials
+
+    @staticmethod
+    def invalid_oauth_credentials() -> List[CredentialValues]:
+        """Create invalid OAuth credentials for testing."""
+        credentials = CredentialsManager.oauth_credentials()
+        for cred in credentials:
+            if cred.key == "client_secret":
+                cred.value = "wrong_secret"
+        return credentials
+
+    @staticmethod
+    def invalid_keycloak_credentials() -> List[CredentialValues]:
+        """Create invalid Keycloak credentials for testing."""
+        credentials = CredentialsManager.keycloak_credentials()
+        for cred in credentials:
+            if cred.key == "client_secret":
+                cred.value = "wrong_secret"
+        return credentials
+
+    @staticmethod
+    def invalid_mysql_credentials() -> List[CredentialValues]:
+        """Create invalid MySQL credentials for testing."""
+        credentials = CredentialsManager.mysql_credentials()
+        for cred in credentials:
+            if cred.key == "password":
+                cred.value = "wrong_password"
+        return credentials
+
+    @staticmethod
+    def invalid_postgres_credentials() -> List[CredentialValues]:
+        """Create invalid PostgreSQL credentials for testing."""
+        credentials = CredentialsManager.postgres_credentials()
+        for cred in credentials:
+            if cred.key == "password":
+                cred.value = "wrong_password"
+        return credentials
+
+    @staticmethod
+    def invalid_mssql_credentials() -> List[CredentialValues]:
+        """Create invalid MSSQL credentials for testing."""
+        credentials = CredentialsManager.mssql_credentials()
+        for cred in credentials:
+            if cred.key == "password":
+                cred.value = "wrong_password"
+        return credentials
+
+    @staticmethod
+    def invalid_lite_llm_credentials() -> List[CredentialValues]:
+        credentials = CredentialsManager.lite_llm_credentials()
+        for cred in credentials:
+            if cred.key == "api_key":
+                cred.value = "wrong_key"
+        return credentials