Principles
- Least privilege: only the minimum credentials required for tests
- Isolation: sandboxed execution and ephemeral environments for runs
- Transparency: human-readable reports and machine-readable logs
Data Handling
Credentials
- Configure API keys and logins in the TestSprite portal; avoid hardcoding in tests
- Support for environment variables and secret injection
- Test artifacts (screens/videos/logs) stored under testsprite_tests/
  - Configure retention in CI to match your policy
- Mask sensitive values in logs and reports when configured
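The two points above (secrets injected through environment variables rather than hardcoded, and sensitive values masked in logs) fit together in one small harness. The following is an added example, not TestSprite's own code: the variable names TEST_API_KEY and TEST_USER_PASSWORD, the mask string and the logger name are assumptions, and the credentials in the demo run are constructed values.

```python
"""Added example (not TestSprite's code): read test credentials from the
environment instead of the test source, and install a logging filter that
masks those values in anything the test run writes to its logs."""
import logging
import os


def load_test_credentials(env=None):
    """Read credentials from the environment (or a supplied mapping).

    The variable names are assumptions for this example; a real run uses
    whatever names the CI secret-injection step exports.
    """
    env = os.environ if env is None else env
    creds = {
        "api_key": env.get("TEST_API_KEY", ""),
        "password": env.get("TEST_USER_PASSWORD", ""),
    }
    missing = [name for name, value in creds.items() if not value]
    if missing:
        # Fail fast rather than running tests with empty credentials.
        raise RuntimeError(f"missing test credentials: {', '.join(missing)}")
    return creds


class SecretMaskingFilter(logging.Filter):
    """Replace every known secret value in a log record with a mask."""

    def __init__(self, secrets, mask="***REDACTED***"):
        super().__init__()
        # Longest first, so a secret that contains another is masked whole.
        self._secrets = sorted((s for s in secrets if s), key=len, reverse=True)
        self._mask = mask

    def mask_text(self, text):
        for secret in self._secrets:
            text = text.replace(secret, self._mask)
        return text

    def filter(self, record):
        # Render the message once so values passed as %-args are masked too.
        record.msg = self.mask_text(record.getMessage())
        record.args = ()
        return True


def build_logger(secrets, name="testrun"):
    """Logger whose handler masks the given secrets before anything is emitted."""
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler()
    handler.addFilter(SecretMaskingFilter(secrets))
    logger.addHandler(handler)
    return logger


if __name__ == "__main__":
    # Constructed environment for the demo; real runs read os.environ.
    demo_env = {"TEST_API_KEY": "sk-constructed-123", "TEST_USER_PASSWORD": "hunter2"}
    creds = load_test_credentials(demo_env)
    log = build_logger(creds.values())
    # Prints: "login as qa-user with key ***REDACTED*** pw ***REDACTED***"
    log.info("login as qa-user with key %s pw %s", creds["api_key"], creds["password"])
```

The filter only catches literal occurrences of the secret; if a test logs a base64- or URL-encoded form of the same value, add those encodings to the secret list as well. Keep the filter on the handler that feeds CI output, which is where the exposure risk sits.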
Access & Authorization
- Auth Flows
  - Frontend: gated routes, role-based visibility
  - Backend: tokens, scopes, and permissions validated in tests
- Principle of least privilege in test accounts
- Rotate test credentials periodically
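To make "tokens, scopes, and permissions validated in tests" concrete, here is an added example (not TestSprite's code) of a deny-by-default bearer-token scope check together with the positive and negative tests a backend suite should run against it. The token values, account names, endpoint list and scope names are all constructed for this example; in a real run the tokens for the dedicated least-privilege test accounts would come from secret injection, not from source.

```python
"""Added example (not TestSprite's code): a minimal scope check and the
tests that verify each dedicated test account can do only what its scopes
allow. Every value below is constructed for illustration."""
import hmac

# Constructed test-account store: opaque token -> owner and granted scopes.
TEST_ACCOUNTS = {
    "tok-reader-constructed": {"user": "qa-reader", "scopes": {"orders:read"}},
    "tok-writer-constructed": {"user": "qa-writer", "scopes": {"orders:read", "orders:write"}},
}

# Scope required per endpoint. Anything not listed is denied (deny by default).
ENDPOINT_SCOPES = {
    ("GET", "/orders"): "orders:read",
    ("POST", "/orders"): "orders:write",
}


def lookup_token(token, accounts=TEST_ACCOUNTS):
    """Find the account for a token, comparing every candidate in constant time."""
    found = None
    for candidate, account in accounts.items():
        if hmac.compare_digest(candidate.encode(), token.encode()):
            found = account
    return found


def authorize(method, path, auth_header, accounts=TEST_ACCOUNTS):
    """Return (status, reason): 401 for a missing or unknown token,
    403 for a valid token without the required scope, 200 otherwise."""
    if not auth_header or not auth_header.startswith("Bearer "):
        return 401, "missing bearer token"
    account = lookup_token(auth_header[len("Bearer "):], accounts)
    if account is None:
        return 401, "unknown token"
    required = ENDPOINT_SCOPES.get((method, path))
    if required is None:
        return 403, "endpoint not in policy"
    if required not in account["scopes"]:
        return 403, f"missing scope {required}"
    return 200, account["user"]


# The test suite: each check names the requirement it traces to and returns
# True only if the authorizer gives exactly the expected status.
def run_checks():
    reader, writer = "Bearer tok-reader-constructed", "Bearer tok-writer-constructed"
    checks = {
        "reader can list orders": authorize("GET", "/orders", reader)[0] == 200,
        "reader cannot create orders": authorize("POST", "/orders", reader)[0] == 403,
        "writer can create orders": authorize("POST", "/orders", writer)[0] == 200,
        "no token is rejected": authorize("GET", "/orders", None)[0] == 401,
        "forged token is rejected": authorize("GET", "/orders", "Bearer tok-forged")[0] == 401,
        "unlisted endpoint is denied": authorize("DELETE", "/orders", writer)[0] == 403,
    }
    return checks


if __name__ == "__main__":
    for name, passed in run_checks().items():
        print(f"{'PASS' if passed else 'FAIL'}  {name}")
```

The negative cases are the ones that matter for audit evidence: a suite that only shows the writer account succeeding proves nothing about least privilege. Note that the reader account holds a single scope, so a regression that lets it write shows up as a failed check rather than as a silently passing test.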
Compliance Alignment
- PRD-driven and plan-based testing provides traceability from requirement to test
- Reports include per-test outcomes for audit readiness
- Supports segregation of duties: TestSprite analyzes, IDE applies fixes with approval
Best Practices
Store Secrets Securely
Store secrets in your secret manager (not the repo)
Use Dedicated Test Accounts
Use dedicated test tenants and accounts
Review Healing Proposals
Review healing proposals before applying to production branches
Limit Artifact Exposure
Limit artifact exposure in public logs; use private CI storage