Start Testing Now BlazeMeter University Submit a Support Request My Support Tickets
Follow

Secrets Management

Avatar
Heitor Tashiro Sergent

NOTE: The Secrets Management feature requires a qualifying plan. Check your plan or contact Sales to get started.

The Secrets feature allows team owners (and admins) to create and manage variables with a key/value pair, where the value is encrypted and hidden, and allows all team members to use the variables in their tests with the new built-in function {{get_secret(key)}}.

In the same way you might have a .env or config file in your app that includes sensitive variables you don't want to be checked in to your project's version control repository, our Secrets feature can help you keep sensitive information secure.

A few common cases where secrets can be used:

  • You might have an API key or access token that you do not wish to be visible in your tests for security reasons
  • You're working with an API that requires authentication credentials that you don't want exposed
  • You don't want to send certain information to third-party integrations

Creating Secrets

Important! Only team owners are able to view the secrets menu and create/edit/delete secrets variables.

Click on your profile on the top-right and select Secrets from the dropdown:

secrets.png

On the Secrets page, if you are the team owner you'll see Add Secret. Click on it to create a new secret key/value pair, enter the name that will be used to access it throughout your tests, and the value:

2-secrets-variables.png

Click Save Changes, and you're all set!

NOTE: Secrets have a 1,024 character limit.

Editing Secrets

To edit your existing secrets, go back to the Secrets page and click on Edit next to the secret you wish to change the value for.

editsecret.png

Enter the new value, and click Save Changes.

Using Secrets

To use secrets in your tests, you'll have to use a built-in function:

Variable/Function Description
{{get_secret(key)}} Retrieves the secret value for the key name.

An API test in editor mode, highlighting a test step and the Headers section with a header for Authorization, and the value using the get_secrets function

To see what secrets are available in your BlazeMeter API Monitoring account, you'll need to check with your team owner which can be found in the Team Members page.

This built-in function can be used just like any other BlazeMeter API Monitoring built-in functions, which means you can add it to your environment settings, initial variables, pre-request/post-response scripts, etc. To use it in scripts, make sure you're calling the function as get_secret(key) without the parenthesis:

// Example pre-request / post-response script
request.params.push({name:"api_key", value: get_secret("secret_key")});

Whenever you have a step in your API tests that's using the get_secret function, the results for that step will omit any information that might contain the value for that secret, including the headers and body for both request and response.

4-api-results.png

 

     

Test Your Website Performance NOW! Just Enter Your URL

arrow Please enter a valid URL

We're working on starting your first test

Testing 20 Virtual Users

Starting your test in around 2-4 minutes. Your report will appear once we've gathered the data.

0

Status: Preparing Your Test

Your email is required to complete the test. If you proceed, your test will be aborted.

Have more questions? Submit a request

0 Comments

Article is closed for comments.