Overview
Storing credentials directly in test steps can lead to accidental exposure and makes maintenance difficult. Secrets in TestCollab allow you to store sensitive values securely and reference them in your test cases without revealing the actual data.
This helps you keep your tests clean, reusable, and secure.
What are Secrets?
Secrets are secure, project-level values that can be used across test cases. Common examples include:
Login usernames and passwords
API tokens and keys
Environment-specific credentials
Instead of entering these values directly in test steps, you reference them using a simple placeholder.
Why use Secrets?
Using Secrets helps you:
Keep sensitive data out of test steps
Reuse credentials across multiple test cases
Prevent accidental exposure of passwords or tokens
Allow teams to run tests without sharing actual values
Where to find Secrets
You can manage secrets from:
Project Settings → Secrets
From here, you can create, update, or delete secrets based on your permissions.
Add a new Secret
To create a secret:
Go to Project Settings → Secrets
Click Add Secret
Enter a Name and Value
Save your changes
Use clear and consistent names so your team can easily identify and reuse them.
Use a Secret in a test case
When editing a test step, type:
{secrets.A list of available secrets will appear. Select the one you want to use.
Example:
Enter {secrets.Password} as passwordThis inserts a reference instead of the actual value.
How Secrets appear in test cases
Secrets are displayed as references such as
{{secrets.NAME}}The actual value remains hidden
This ensures sensitive data is not exposed when viewing or sharing test cases
Viewing a Secret's Value
Not every user has permission to view the value stored for a secret. Only administrators or users with roles that have been granted permission to reveal the secret's value can see it. Clicking the "Reveal value" button next to the secret will display the value temporarily.
Permissions and access
Secrets are protected through role-based access:
Some users can manage secrets
Some can use them in test cases
Only authorised users can reveal actual values
This ensures that sensitive data is only accessible to the right people.
More on roles and permissions.
Secrets vs Datasets
It is important to understand the difference:
Secrets are for sensitive data such as passwords and tokens
Datasets are for reusable test inputs and variations
Secrets are not treated as dataset columns and are handled separately.
Best practices
Always store sensitive data as secrets instead of writing them in test steps
Use clear naming conventions (for example,
API_TOKEN,ADMIN_PASSWORD)Limit who can view or reveal secret values
Keep secrets and datasets separate for better organisation
Availability
The Secrets feature may depend on the plan your company has subscribed to. If you do not see it in your project settings, contact your workspace admin.