Credentials
Securely store and use credentials in your test prompts, cookies, and headers without exposing sensitive data
Credentials
Test-Lab allows you to store sensitive credentials (like login emails, passwords, and API keys) separately from your test plans. Reference them using a simple syntax, and they'll be securely injected at runtime.
Why Use Credentials?
- Security - Credentials are never visible in test prompts, logs, or reports
- Convenience - Define once, use across multiple test plans
- Team-friendly - Share test plans without exposing credentials
- Maintainability - Update credentials in one place when they change
Privacy note: Credentials are injected directly into form fields, cookies, and headers at runtime. They are never sent to or visible by the AI model. Your credentials remain completely private.
How It Works
- Store credentials in your account settings (key-value pairs)
- Reference them in test prompts, cookies, or headers using
{{credentials.<name>}} - Test-Lab fills the actual values at runtime
The AI agent sees only the placeholder references, never the actual values.
Creating Credentials
- Go to Settings → Credentials in the admin dashboard
- Click Add Credential
- Enter a name (e.g.,
loginEmail) and value (e.g.,test@example.com) - Click Save
Credential names must start with a letter and contain only letters, numbers, and underscores. Example: adminPassword, api_key_staging, user2Email
Using Credentials in Test Prompts
Reference credentials in your test instructions using double curly braces:
Go to /login and enter {{credentials.loginEmail}} in the email field
and {{credentials.loginPassword}} in the password field, then click Sign In.Syntax Rules
| Pattern | Valid | Notes |
|---|---|---|
{{credentials.loginEmail}} | ✅ | Correct format |
{{credentials.user_password}} | ✅ | Underscores allowed |
{{credentials.api2Key}} | ✅ | Numbers allowed (not at start of name) |
{{credentials.2faCode}} | ❌ | Name cannot start with a number |
{{ credentials.email }} | ❌ | No spaces inside braces |
{credentials.email} | ❌ | Must use double braces |
Using Credentials in Cookies
When configuring cookies at the project or test plan level, you can inject credentials into cookie values:
Name: auth_token
Value: {{credentials.sessionToken}}
Domain: myapp.comThis is useful for pre-authenticating tests with session cookies.
Using Credentials in Headers
Similarly, credentials can be used in custom HTTP headers:
Name: Authorization
Value: Bearer {{credentials.apiKey}}This allows you to inject API keys, authentication tokens, or other sensitive headers without exposing them in your configuration.
Example Test Plans
Login Flow Test
Credentials defined:
loginEmail→test@example.comloginPassword→SecurePass123!
Test prompt:
Go to https://myapp.com/login and test the sign-in flow:
1. Enter {{credentials.loginEmail}} in the email field
2. Enter {{credentials.loginPassword}} in the password field
3. Click the Sign In button
4. Verify the dashboard loads and shows the user is logged inAdmin vs User Testing
Store different credential sets for different user roles:
Credentials:
adminEmail/adminPassword- Admin account credentialsuserEmail/userPassword- Regular user credentials
Admin test:
Sign in with {{credentials.adminEmail}} and {{credentials.adminPassword}},
then verify the Admin Settings menu is visible.User test:
Sign in with {{credentials.userEmail}} and {{credentials.userPassword}},
then verify the Admin Settings menu is NOT visible.Injecting Credentials via UI
When creating or editing a test plan, you can easily insert credential references:
- Position your cursor in the test instructions field
- Click the Insert Credential dropdown below the field
- Select the credential you want to insert
- The
{{credentials.<name>}}reference is inserted at your cursor position
Validation
Test-Lab validates your test prompts before running:
- Syntax check - Ensures
{{credentials.<name>}}patterns are properly formatted - Existence check - Verifies all referenced credentials exist in your account
- Missing credentials - You'll see an error listing any undefined credential references
In Test Reports
For security, reports show the credential reference (e.g., {{credentials.loginEmail}}) rather than the actual value. This lets you share reports without exposing credentials.
Example report excerpt:
Step 4: Entering {{credentials.loginEmail}} and clicking Continue
advances to the password step without error. ✓Credentials Scope
Credentials are stored at the organization level. All team members with access to the organization can:
- Use credentials in test prompts
- See credential names (but not values)
- Add, edit, or delete credentials
Only credential names are visible in the UI. Values are masked and cannot be viewed after creation.
Best Practices
Naming Conventions
Use descriptive, consistent names:
| Good | Avoid |
|---|---|
stagingAdminEmail | email1 |
productionApiKey | key |
testUserPassword | pw |
Organize by Environment
Prefix names with environment names for clarity:
staging_adminEmailstaging_adminPasswordproduction_apiKey
Rotate Credentials
When credentials change:
- Update the credential value in Settings → Credentials
- All test plans using that credential automatically use the new value
- No need to update individual test plans
Troubleshooting
"Credential not found" error
- Verify the credential name exists in Settings → Credentials
- Check for typos in the
{{credentials.<name>}}reference - Ensure no extra spaces inside the braces
Login still failing?
- Verify the credential value is correct (you may need to re-enter it)
- Check if your app requires additional fields (e.g., 2FA codes)
- Try the credentials manually to confirm they work
Credentials not being filled?
- Ensure you're using the exact syntax:
{{credentials.<name>}} - The name is case-sensitive
- Check for invisible characters if copy-pasting