Scripts in A11y Pulse have always made it easy to test pages behind authentication, but until now there was no safe place to store the passwords those scripts needed. Credentials had to be written directly into the script, where anyone with edit access to your account could see them.
With secrets, you can store sensitive values — passwords, API tokens, or any string — encrypted and separate from your scripts. Reference them by name in any script using secret("NAME"):
navigate("https://app.example.com/login");
fill("input[name=email]", "[email protected]");
fill("input[name=password]", secret("MY_PASSWORD"));
click("button[type=submit]");Secrets are managed from the Secrets section of your team’s Settings page. They are write-only — the value cannot be retrieved after creation. If a secret is deleted or renamed, any scan that references it will fail immediately with a descriptive error identifying the missing secret by name.