> ## Documentation Index
> Fetch the complete documentation index at: https://docs.testdriver.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Using Secrets

> Securely manage passwords and sensitive data in your tests

Protect sensitive information like passwords, API keys, and tokens in your TestDriver tests.

## Typing Secrets Securely

When typing sensitive information like passwords, use the `secret: true` option to prevent the value from being logged or stored:

```javascript theme={null}
import { test } from 'vitest';
import { chrome } from 'testdriverai/presets';

test('login with secure password', async (context) => {
  const { testdriver } = await chrome(context, { 
    url: 'https://myapp.com/login' 
  });

  await testdriver.find('email input').click();
  await testdriver.type(process.env.TD_USERNAME);
  
  await testdriver.find('password input').click();
  // Password is masked in logs and recordings
  await testdriver.type(process.env.TD_PASSWORD, { secret: true });
  
  await testdriver.find('login button').click();
  await testdriver.assert('dashboard is visible');
});
```

<Note>
  When `secret: true` is set, the typed text appears as `****` in all logs, recordings, and dashcam output.
</Note>

## Storing Secrets in GitHub

Store sensitive credentials as GitHub repository secrets so they're never exposed in your code:

<Steps>
  <Step title="Navigate to Repository Settings">
    Go to your GitHub repository → **Settings** → **Secrets and variables** → **Actions**
  </Step>

  <Step title="Add Repository Secrets">
    Click **New repository secret** and add your secrets:

    * `TD_API_KEY` - Your TestDriver API key
    * `TD_USERNAME` - Test account username
    * `TD_PASSWORD` - Test account password
  </Step>

  <Step title="Use in GitHub Actions">
    Reference secrets in your workflow file:

    ```yaml .github/workflows/test.yml theme={null}
    - name: Run TestDriver tests
      env:
        TD_API_KEY: ${{ secrets.TD_API_KEY }}
        TD_USERNAME: ${{ secrets.TD_USERNAME }}
        TD_PASSWORD: ${{ secrets.TD_PASSWORD }}
      run: vitest run
    ```
  </Step>
</Steps>

## Local Development

For local development, store secrets in a `.env` file:

```bash .env theme={null}
TD_API_KEY=your_api_key_here
TD_USERNAME=testuser@example.com
TD_PASSWORD=your_secure_password
```

<Warning>
  Never commit `.env` files to version control. Add `.env` to your `.gitignore` file.
</Warning>

## Complete Example

Here's a full login test with proper secrets handling:

```javascript tests/login.test.js theme={null}
import { test, expect } from 'vitest';
import { chrome } from 'testdriverai/presets';

test('secure login flow', async (context) => {
  const { testdriver } = await chrome(context, { 
    url: process.env.TD_WEBSITE || 'https://staging.myapp.com'
  });

  // Enter username (not sensitive)
  await testdriver.find('email input').click();
  await testdriver.type(process.env.TD_USERNAME);
  
  // Enter password securely
  await testdriver.find('password input').click();
  await testdriver.type(process.env.TD_PASSWORD, { secret: true });
  
  // Submit login
  await testdriver.find('login button').click();
  
  // Verify successful login
  const loggedIn = await testdriver.assert('user is logged in');
  expect(loggedIn).toBeTruthy();
});
```

<Card title="Secrets Best Practices" icon="shield-check">
  * **Always use `secret: true`** when typing passwords, tokens, or sensitive data
  * **Use environment variables** to keep secrets out of code
  * **Store secrets in your CI provider** (GitHub Actions, GitLab CI, etc.)
  * **Never commit secrets** to version control
  * **Rotate secrets regularly** to maintain security
</Card>