NOTE: The Secrets Management feature requires a qualifying plan. Check your plan or contact Sales to get started.
The Secrets feature allows team owners (and admins) to create and manage variables with a key/value pair, where the value is encrypted and hidden, and allows all team members to use the variables in their tests with the new built-in function {{get_secret(key)}}
.
In the same way you might have a .env
or config
file in your app that includes sensitive variables you don't want to be checked in to your project's version control repository, our Secrets feature can help you keep sensitive information secure.
A few common cases where secrets can be used:
- You might have an API key or access token that you do not wish to be visible in your tests for security reasons
- You're working with an API that requires authentication credentials that you don't want exposed
- You don't want to send certain information to third-party integrations
Creating Secrets
Important! Only team owners are able to view the secrets menu and create/edit/delete secrets variables.
Click on your profile on the top-right and select Secrets from the dropdown:
On the Secrets page, if you are the team owner you'll see Add Secret. Click on it to create a new secret key/value pair, enter the name that will be used to access it throughout your tests, and the value:
Click Save Changes, and you're all set!
NOTE: Secrets have a 1,024 character limit.
Editing Secrets
To edit your existing secrets, go back to the Secrets page and click on Edit next to the secret you wish to change the value for.
Enter the new value, and click Save Changes.
Using Secrets
To use secrets in your tests, you'll have to use a built-in function:
Variable/Function | Description |
{{get_secret(key)}} |
Retrieves the secret value for the key name. |
To see what secrets are available in your BlazeMeter API Monitoring account, you'll need to check with your team owner which can be found in the Team Members page.
This built-in function can be used just like any other BlazeMeter API Monitoring built-in functions, which means you can add it to your environment settings, initial variables, pre-request/post-response scripts, etc. To use it in scripts, make sure you're calling the function as get_secret(key)
without the parenthesis:
// Example pre-request / post-response script
request.params.push({name:"api_key", value: get_secret("secret_key")});
Whenever you have a step in your API tests that's using the get_secret
function, the results for that step will omit any information that might contain the value for that secret, including the headers and body for both request and response.
0 Comments