Protect sensitive information like passwords, API keys, and tokens in your TestDriver tests.
Typing Secrets Securely
When typing sensitive information like passwords, use the secret: true option to prevent the value from being logged or stored:
javascript
import { test } from 'vitest';
import { chrome } from 'testdriverai/presets';
test('login with secure password', async (context) => {
const { testdriver } = await chrome(context, {
url: 'https://myapp.com/login'
});
await testdriver.find('email input').click();
await testdriver.type(process.env.TD_USERNAME);
await testdriver.find('password input').click();
// Password is masked in logs and recordings
await testdriver.type(process.env.TD_PASSWORD, { secret: true });
await testdriver.find('login button').click();
await testdriver.assert('dashboard is visible');
});
Storing Secrets in GitHub
Store sensitive credentials as GitHub repository secrets so they're never exposed in your code:
<Steps> <Step title="Navigate to Repository Settings"> Go to your GitHub repository → **Settings** → **Secrets and variables** → **Actions** </Step> <Step title="Add Repository Secrets"> Click **New repository secret** and add your secrets: - `TD_API_KEY` - Your TestDriver API key - `TD_USERNAME` - Test account username - `TD_PASSWORD` - Test account password </Step> <Step title="Use in GitHub Actions"> Reference secrets in your workflow file: ```yaml .github/workflows/test.yml - name: Run TestDriver tests env: TD_API_KEY: ${{ secrets.TD_API_KEY }} TD_USERNAME: ${{ secrets.TD_USERNAME }} TD_PASSWORD: ${{ secrets.TD_PASSWORD }} run: vitest run ``` </Step> </Steps>Local Development
For local development, store secrets in a .env file:
bash
TD_API_KEY=your_api_key_here TD_USERNAME=testuser@example.com TD_PASSWORD=your_secure_password
Complete Example
Here's a full login test with proper secrets handling:
javascript
import { test, expect } from 'vitest';
import { chrome } from 'testdriverai/presets';
test('secure login flow', async (context) => {
const { testdriver } = await chrome(context, {
url: process.env.TD_WEBSITE || 'https://staging.myapp.com'
});
// Enter username (not sensitive)
await testdriver.find('email input').click();
await testdriver.type(process.env.TD_USERNAME);
// Enter password securely
await testdriver.find('password input').click();
await testdriver.type(process.env.TD_PASSWORD, { secret: true });
// Submit login
await testdriver.find('login button').click();
// Verify successful login
const loggedIn = await testdriver.assert('user is logged in');
expect(loggedIn).toBeTruthy();
});