Secrets let you store sensitive values like passwords and API tokens, encrypted and separate from your scripts. Instead of writing a password directly in a script, you reference it by name using secret("NAME"), and A11y Pulse resolves the value at scan time.
Contents:
Creating a secret
Secrets are managed from the Secrets section of your team’s Settings page. To create a secret:
- Go to Settings and scroll to the Secrets section.
- Click Add Secret.
- Enter a name and value, then click Save.
Once created, the value cannot be retrieved. If you need to update a secret’s value, delete it and create a new one with the same name.
Using a secret in a script
Reference a secret in any script using secret("NAME"). The value is resolved at the start of each scan and substituted in place. It can be used anywhere a string value is accepted:
// Navigate to the login page and fill in credentials.
navigate("https://app.example.com/login");
fill("input[name=email]", "[email protected]");
fill("input[name=password]", secret("MY_PASSWORD"));
click("button[type=submit]");If a secret with the given name does not exist when the scan runs, the scan will fail immediately with a descriptive error message.
For a full list of functions that accept string values, see the Scripting Reference.
Secret names
Secret names must contain only letters (a–z, A–Z), digits (0–9), and underscores (_). Names are case-sensitive: MY_PASSWORD and my_password are treated as different secrets. Maximum length is 255 characters.
Deleting a secret
To delete a secret, click Delete next to it in the Secrets section of Settings. Deletion is immediate. Any script that references the deleted secret will fail at the next scan with an error message identifying the missing secret by name.