Overview

The TestDriver web dashboard provides a secure interface for managing and reviewing your tests. Tests executed via the GitHub Action are recorded and reported through Dashcam, another application developed by TestDriver. For more details, refer to the Dashcam documentation. Dashcam and TestDriver share the same API and web application back end, which includes robust privacy and security features.

Security features

SSL

  • All data transmitted between your browser and the TestDriver web application is encrypted using HTTPS.

Authentication

  • Users can only authenticate via OAuth, provided by Auth0, ensuring secure and reliable user authentication.

Team management

  • Administrators can add or remove individual team members.
  • Only administrators have the ability to manage team settings.
  • Everyone in the team gets their own API key
  • The team also gets a shared API key which can be used for CI/CD workflows.

Role-based access control (RBAC)

  • The first user to create a team is designated as the administrator.
  • Administrators:
    • Can manage team settings.
    • Can’t be removed from the team.
  • All other users are normal members with limited access.

API key rotation

  • Teams can rotate their API key for enhanced security.
  • It’s recommended to rotate the API key every 90 days to minimize risk.
  • Only the administrators can rotate the shared API key.
For more details on Team Management see the Team documentation.
Always remember to add a .gitignore file to your repository including a .env line so you never accidentally commit you TestDriver API key. This is important for security and to prevent exposing sensitive information. For more info see GitHub Docs.

Secret masking

  • Test replay logs and network requests are automatically scanned for sensitive information, such as:
    • Credit card numbers
    • Emails
    • Passwords
    • API keys
  • Detected secrets are masked with asterisks (****) to prevent exposure.

Encrypted at rest

  • Test replays and logs are securely stored on Amazon S3 and encrypted at rest.
  • Test results are only accessible via temporary signed URLs.
  • Signed URLs are generated exclusively for team users and expire after a set duration.

Notes

  • The TestDriver web dashboard is designed with privacy and security as top priorities.
  • For additional security, ensure your team rotates API keys regularly and reviews team member access permissions.
  • If you have specific security concerns or questions, please contact TestDriver support.
See complete docs about the dashboard features here