Overview

When using TestDriver to test your application, you may need to securely store and use sensitive information such as usernames, passwords, API keys, or other secrets. Every DevOps platform provides a secure way to manage these secrets, ensuring they aren’t exposed in your test files or logs.

Why use secrets?

  • Security: Secrets are encrypted and stored securely in your DevOps platform.
  • Masking: TestDriver automatically masks secrets in all test output, including debugging logs.
  • Reusability: Secrets can be reused across multiple workflows and test files.

Step 1: Replace hardcoded secrets in test files

To securely use secrets in your TestDriver test files, replace hardcoded values with placeholders in the format ${TD_YOUR_SECRET}. TestDriver will parse and mask any secrets that begin with TD_.

Example test file

version: 4.1.35
steps:
  - prompt: sign in with username and password
    commands:
      - command: focus-application
        name: Google Chrome
      - command: hover-text
        text: Email or phone
        description: email input field
        action: click
      - command: type
        text: ${TD_USERNAME}
      - command: hover-text
        text: Next
        description: next button after entering email
        action: click
      - command: hover-text
        text: Password
        description: password input field
        action: click
      - command: type
        text: ${TD_PASSWORD}

Step 2: Add secrets to DevOps platform

In this example we’ll use GitHub Actions, but the process is similar for other platforms like GitLab CI/CD, CircleCI, or Jenkins.
  1. Navigate to your GitHub repository.
  2. Go to Settings > Secrets and variables > Actions.
  3. Click New repository secret.
  4. Add your secrets (for example, TD_USERNAME, TD_PASSWORD, TD_API_KEY).
For detailed instructions, refer to the GitHub Docs on using secrets.

Step 3: Supply secrets to TestDriver CLI

When running TestDriver tests via the CLI in GitHub Actions, supply your secrets in the env section of the workflow step.

Example workflow

.github/workflows/testdriver.yaml
name: TestDriver Test

permissions:
  actions: read
  contents: read
  statuses: write
  pull-requests: write

jobs:
  test:
    name: "TestDriver"
    steps:
      - name: Check out repository
        uses: actions/checkout@v4

      - name: Run TestDriver
        run: npx testdriverai@latest run tests/signin.yaml --headless
        env:
          TD_API_KEY: ${{ secrets.TD_API_KEY }}
          TD_USERNAME: ${{ secrets.TD_USERNAME }}
          TD_PASSWORD: ${{ secrets.TD_PASSWORD }}

Best practices

  • Use Descriptive Names: Name your secrets clearly (for example, TD_USERNAME, TD_PASSWORD) to make them easy to identify.
  • Rotate Secrets Regularly: Update your secrets periodically to enhance security.
  • Limit Access: Only provide access to secrets for workflows and team members that require them.
  • Mask Secrets: Ensure all secrets are masked in logs by using the TD_ prefix.

Notes

  • Secrets are encrypted and only accessible during the workflow run.
  • TestDriver automatically masks secrets in test output to prevent accidental exposure.
  • For additional security, avoid hardcoding sensitive information in your test files or workflows.