Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.testdriver.ai/llms.txt

Use this file to discover all available pages before exploring further.

Protect sensitive information like passwords, API keys, and tokens in your TestDriver tests.

Typing Secrets Securely

When typing sensitive information like passwords, use the secret: true option to prevent the value from being logged or stored: 
import { test } from 'vitest';
import { chrome } from 'testdriverai/presets';

test('login with secure password', async (context) => {
  const { testdriver } = await chrome(context, { 
    url: 'https://myapp.com/login' 
  });

  await testdriver.find('email input').click();
  await testdriver.type(process.env.TD_USERNAME);
  
  await testdriver.find('password input').click();
  // Password is masked in logs and recordings
  await testdriver.type(process.env.TD_PASSWORD, { secret: true });
  
  await testdriver.find('login button').click();
  await testdriver.assert('dashboard is visible');
});
When secret: true is set, the typed text appears as **** in all logs, recordings, and dashcam output.

Storing Secrets in GitHub

Store sensitive credentials as GitHub repository secrets so they’re never exposed in your code:
1

Navigate to Repository Settings

Go to your GitHub repository → SettingsSecrets and variablesActions
2

Add Repository Secrets

Click New repository secret and add your secrets:
  • TD_API_KEY - Your TestDriver API key
  • TD_USERNAME - Test account username
  • TD_PASSWORD - Test account password
3

Use in GitHub Actions

Reference secrets in your workflow file:
.github/workflows/test.yml
- name: Run TestDriver tests
  env:
    TD_API_KEY: ${{ secrets.TD_API_KEY }}
    TD_USERNAME: ${{ secrets.TD_USERNAME }}
    TD_PASSWORD: ${{ secrets.TD_PASSWORD }}
  run: vitest run

Local Development

For local development, store secrets in a .env file:
.env
TD_API_KEY=your_api_key_here
TD_USERNAME=testuser@example.com
TD_PASSWORD=your_secure_password
Never commit .env files to version control. Add .env to your .gitignore file.

Complete Example

Here’s a full login test with proper secrets handling:
tests/login.test.js
import { test, expect } from 'vitest';
import { chrome } from 'testdriverai/presets';

test('secure login flow', async (context) => {
  const { testdriver } = await chrome(context, { 
    url: process.env.TD_WEBSITE || 'https://staging.myapp.com'
  });

  // Enter username (not sensitive)
  await testdriver.find('email input').click();
  await testdriver.type(process.env.TD_USERNAME);
  
  // Enter password securely
  await testdriver.find('password input').click();
  await testdriver.type(process.env.TD_PASSWORD, { secret: true });
  
  // Submit login
  await testdriver.find('login button').click();
  
  // Verify successful login
  const loggedIn = await testdriver.assert('user is logged in');
  expect(loggedIn).toBeTruthy();
});

Secrets Best Practices

  • Always use secret: true when typing passwords, tokens, or sensitive data
  • Use environment variables to keep secrets out of code
  • Store secrets in your CI provider (GitHub Actions, GitLab CI, etc.)
  • Never commit secrets to version control
  • Rotate secrets regularly to maintain security