Secrets
Store sensitive values in the platform and access them as environment variables in your tests.
Secrets let you store sensitive values (API keys, passwords, tokens) in the Heal platform so they never have to be committed to your repository. Each secret is injected as an environment variable when your tests run.
Adding a secret
- Open your project in the Heal dashboard and go to the Secrets tab.
- Click Add secret.
- Enter a name (e.g.
ADMIN_PASSWORD) and its value, then save.
Secret values are write-only after creation: you can update or delete them, but they cannot be read back through the UI.
Using secrets in tests
Secrets are available via process.env in your test code, the same as any other environment variable.
test('admin can access the dashboard', async ({ heal }) => {
const { page, agent } = await heal.getPage();
await page.goto('https://app.example.com/login');
await page.fill('[name="email"]', 'admin@example.com');
await page.fill('[name="password"]', process.env.ADMIN_PASSWORD!);
await agent.healClick('The sign in button');
await agent.healExpect('The admin dashboard is visible');
});Secrets are only injected during runs triggered by Heal (scheduled or manual runs from the dashboard). When running tests locally with the CLI, set the variables in your shell or a .env file that is not checked into version control.