Principles
- Least privilege: only the minimum credentials required for tests
- Isolation: sandboxed execution and ephemeral environments for runs
- Transparency: human-readable reports and machine-readable logs
Data Handling
- Credentials
  - Configure API keys and logins in the TestSprite portal; avoid hardcoding in tests
  - Support for environment variables and secret injection
- Artifacts
  - Test artifacts (screens/videos/logs) stored under testsprite_tests/
  - Configure retention in CI to match your policy
- PII/Secrets
  - Mask sensitive values in logs and reports when configured
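One way to follow the Credentials and PII/Secrets points above in a Python test harness, as an added example that is not TestSprite's own code: credentials are read from environment variables and a logging filter masks their values before they reach logs. The variable names TEST_API_KEY and TEST_LOGIN_PASSWORD and the logger name are assumptions made for this example.

```python
import logging
import os

MASK = "***"
# Assumed variable names for this example; use whatever your CI injects.
SECRET_ENV_VARS = ("TEST_API_KEY", "TEST_LOGIN_PASSWORD")


def load_secrets(environ=os.environ, names=SECRET_ENV_VARS):
    """Read test credentials from the environment; fail closed if one is missing."""
    missing = [n for n in names if not environ.get(n)]
    if missing:
        raise RuntimeError("missing test credentials: " + ", ".join(missing))
    return {n: environ[n] for n in names}


class SecretMaskFilter(logging.Filter):
    """Replace every known secret value in a log record before it is emitted."""

    def __init__(self, secrets):
        super().__init__()
        # Longest first so a secret that contains another is masked whole.
        self._values = sorted((v for v in secrets if v), key=len, reverse=True)

    def mask(self, text):
        for value in self._values:
            text = text.replace(value, MASK)
        return text

    def filter(self, record):
        # Render args into the message first, so secrets passed as %s args are caught.
        record.msg = self.mask(record.getMessage())
        record.args = None
        return True


def build_logger(secrets, stream):
    """Logger for test runs whose handler masks the given secret values."""
    logger = logging.getLogger("test_run_example")
    logger.handlers.clear()
    logger.propagate = False
    handler = logging.StreamHandler(stream)
    handler.addFilter(SecretMaskFilter(secrets.values()))
    logger.addHandler(handler)
    logger.setLevel(logging.INFO)
    return logger
```

The filter masks the rendered message only; traceback text attached through exc_info is formatted later by the handler and is not covered here.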
Access & Authorization
- Auth Flows
  - Frontend: gated routes, role-based visibility
  - Backend: tokens, scopes, and permissions validated in tests
- Principle of least privilege in test accounts
- Rotate test credentials periodically
Compliance Alignment
- PRD-driven and plan-based testing provides traceability from requirement to test
- Reports include per-test outcomes for audit readiness
- Supports segregation of duties: TestSprite analyzes, IDE applies fixes with approval
Best Practices
- Store secrets in your secret manager (not the repo)
- Use dedicated test tenants and accounts
- Review healing proposals before applying to production branches
- Limit artifact exposure in public logs; use private CI storage