Transaction script workflows may require authentication to secure resources. To facilitate these scenarios, you can store and access login credentials, while keeping secure strings, such as passwords, hidden.
To manage login credentials, go to Cloud & Enterprise Agents > Test Settings > Credentials Repository tab.
To add a credential, click Add New Credential (1).
To delete a credential, hover over it in the list and click the trash icon (2). Then confirm that you want to delete this credential.
To edit a credential, click its row in the list.
To use credentials from this repository in a transaction test, you must first enable them in the test's settings.
To enable the credentials, go to Cloud & Enterprise Agents > Test Settings > Tests tab. Click the key icon and check the box next to your credential to enable it, as shown below:
In your transaction script, credential entries are accessed with the function
credentials.get('credentialName'). In practice, you might use this within a
typeText() function like so:
await typeText(credentials.get('myPassword'), By.id('passwordId'));
You can disallow all users, regardless of their permissions, from accessing transaction test credentials after they have been entered into the Credentials Repository. By default, these users include those with the Organization Admin or Account Admin roles, but may also include users with custom role definitions.
To disallow user credential access via the Web or API, users with the Edit security & authentication settings permission (i.e., the Organization Admin user role) can navigate to Account Settings > Organization Settings > Security and Authentication > Credentials Repository and toggle Disable global credential retrieval to override the View sensitive data in web transaction scripts permission setting. This action also prevents ThousandEyes support personnel from accessing user credentials. Changes to the Disable global credential retrieval setting are logged under Account Settings > Activity Log.
Keep in mind the following guidelines when you use credentials in your transaction tests:
Create a user with minimal permissions, dedicated only to transaction tests. This avoids potential interference caused by simultaneous logins.
Give each credential entry a descriptive name for easy recognition. Even if the number of users editing transactions tests is quite small, it can be key to the clarity of your scripts to have clear, organized credentials.
For added security, consider also saving username strings to the credentials repository.
This article is part of the Transaction Scripting Guide.
If you have any questions, contact the ThousandEyes Customer Engineering team.