Skip to content

Manage test secrets

Performance tests usually need credentials — an API token, a service account password, a webhook signing key. Maxoperf keeps these values in project secrets so they never live in your test files and never appear in run logs.

  • A project secret is a named, encrypted value stored at the project level.
  • Each test binds the secrets it needs and maps each one to an environment-variable name.
  • At run time, Maxoperf injects those variables into the runner before your test starts.
  • The runtime payload is short-lived and scoped to one run.
  1. Open the project that owns the test and switch to the Secrets tab.

    Secrets hub — pick the workspace vault, then open its secrets page to add a project secret.
  2. Click New secret. Give it a clear name like checkout-api-token.

  3. Paste the value. It is encrypted as soon as you save.

  4. Save. The secret appears in the list with the value masked.

You can rotate a secret by editing it; new runs use the new value, and the previous value is no longer accessible.

  1. Open the test and switch to the Settings tab.
  2. Add a secret binding. Pick the project secret you created.
  3. Choose the environment-variable name the test expects — for example, SECRET_CHECKOUT_API_TOKEN.
  4. Save. Future runs of this test will see the variable.

In your test files, read the variable normally. For example:

  • Taurus: ${__env(SECRET_CHECKOUT_API_TOKEN)}
  • k6: __ENV.SECRET_CHECKOUT_API_TOKEN
  • JMeter: ${__BeanShell(System.getenv("SECRET_CHECKOUT_API_TOKEN"))}
  • Secret values are never written to result pages, run logs, or downloaded artifact bundles.
  • Secret values are never available to teammates without project-level access.
  • Secret values are never logged by the runner — only the names of injected variables appear in diagnostic output.