Skip to main content
Protect sensitive information like passwords, API keys, and tokens in your TestDriver tests.

Typing Secrets Securely

When typing sensitive information like passwords, use the secret: true option to prevent the value from being logged or stored: 
import { test } from 'vitest';
import { chrome } from 'testdriverai/presets';

test('login with secure password', async (context) => {
  const { testdriver } = await chrome(context, { 
    url: 'https://myapp.com/login' 
  });

  await testdriver.find('email input').click();
  await testdriver.type(process.env.TD_USERNAME);
  
  await testdriver.find('password input').click();
  // Password is masked in logs and recordings
  await testdriver.type(process.env.TD_PASSWORD, { secret: true });
  
  await testdriver.find('login button').click();
  await testdriver.assert('dashboard is visible');
});
When secret: true is set, the typed text appears as **** in all logs, recordings, and dashcam output.

Storing Secrets in GitHub

Store sensitive credentials as GitHub repository secrets so they’re never exposed in your code:
1

Navigate to Repository Settings

Go to your GitHub repository → SettingsSecrets and variablesActions
2

Add Repository Secrets

Click New repository secret and add your secrets:
  • TD_API_KEY - Your TestDriver API key
  • TD_USERNAME - Test account username
  • TD_PASSWORD - Test account password
3

Use in GitHub Actions

Reference secrets in your workflow file:
.github/workflows/test.yml
- name: Run TestDriver tests
  env:
    TD_API_KEY: ${{ secrets.TD_API_KEY }}
    TD_USERNAME: ${{ secrets.TD_USERNAME }}
    TD_PASSWORD: ${{ secrets.TD_PASSWORD }}
  run: npx vitest run

Local Development

For local development, store secrets in a .env file:
.env
TD_API_KEY=your_api_key_here
TD_USERNAME=[email protected]
TD_PASSWORD=your_secure_password
Never commit .env files to version control. Add .env to your .gitignore file.

Complete Example

Here’s a full login test with proper secrets handling:
tests/login.test.js
import { test, expect } from 'vitest';
import { chrome } from 'testdriverai/presets';

test('secure login flow', async (context) => {
  const { testdriver } = await chrome(context, { 
    url: process.env.TD_WEBSITE || 'https://staging.myapp.com'
  });

  // Enter username (not sensitive)
  await testdriver.find('email input').click();
  await testdriver.type(process.env.TD_USERNAME);
  
  // Enter password securely
  await testdriver.find('password input').click();
  await testdriver.type(process.env.TD_PASSWORD, { secret: true });
  
  // Submit login
  await testdriver.find('login button').click();
  
  // Verify successful login
  const loggedIn = await testdriver.assert('user is logged in');
  expect(loggedIn).toBeTruthy();
});

Secrets Best Practices

  • Always use secret: true when typing passwords, tokens, or sensitive data
  • Use environment variables to keep secrets out of code
  • Store secrets in your CI provider (GitHub Actions, GitLab CI, etc.)
  • Never commit secrets to version control
  • Rotate secrets regularly to maintain security