> ## Documentation Index
> Fetch the complete documentation index at: https://docs.testdriver.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Managing Secrets

> Discover how to securely configure and optimize your TestDriver CLI environment for seamless CI/CD workflows.

## Overview

When using TestDriver to test your application, you may need to securely store and use sensitive information such as usernames, passwords, API keys, or other secrets. Every DevOps platform provides a secure way to manage these secrets, ensuring they aren't exposed in your test files or logs.

***

## Why use secrets?

* **Security**: Secrets are encrypted and stored securely in your DevOps platform.
* **Masking**: TestDriver automatically masks secrets in all test output, including debugging logs.
* **Reusability**: Secrets can be reused across multiple workflows and test files.

***

## Step 1: Replace hardcoded secrets in test files

To securely use secrets in your TestDriver test files, replace hardcoded values with placeholders in the format `${TD_YOUR_SECRET}`. TestDriver will parse and mask any secrets that begin with `TD_`.

### Example test file

```yaml login.yaml highlight={11, 12, 21, 22} theme={null}
version: 6.0.0
steps:
  - prompt: sign in with username and password
    commands:
      - command: focus-application
        name: Google Chrome
      - command: hover-text
        text: Email or phone
        description: email input field
        action: click
      - command: type
        text: ${TD_USERNAME}
      - command: hover-text
        text: Next
        description: next button after entering email
        action: click
      - command: hover-text
        text: Password
        description: password input field
        action: click
      - command: type
        text: ${TD_PASSWORD}
      - command: hover-text
        text: Log In
        description: log in button
        action: click
```

***

## Step 2: Add secrets to DevOps platform

In this example we'll use GitHub Actions, but the process is similar for other platforms like GitLab CI/CD, CircleCI, or Jenkins.

1. Navigate to your GitHub repository.
2. Go to **Settings** > **Secrets and variables** > **Actions**.
3. Click **New repository secret**.
4. Add your secrets (for example, `TD_USERNAME`, `TD_PASSWORD`, `TD_API_KEY`).

For detailed instructions, refer to the [GitHub Docs on using secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets).

***

## Step 3: Supply secrets to TestDriver CLI

When running TestDriver tests via the CLI in GitHub Actions, supply your secrets in the `env` section of the workflow step.

<Card title="Adding secrets to CI" icon="link" href="/guide/authentication">
  Check out our authentication page to see how to add secrets in your CI
  workflow.
</Card>

## Best practices

* **Use Descriptive Names**: Name your secrets clearly (for example, `TD_USERNAME`, `TD_PASSWORD`) to make them easy to identify.
* **Rotate Secrets Regularly**: Update your secrets periodically to enhance security.
* **Limit Access**: Only provide access to secrets for workflows and team members that require them.

## <Note>To ensure all secrets are masked in logs, use the `TD_` prefix.</Note>

## Notes

* Secrets are encrypted and only accessible during the workflow run.
* TestDriver automatically masks secrets in test output to prevent accidental exposure.
* For additional security, avoid hardcoding sensitive information in your test files or workflows.