diff --git a/dotnet/docs/ci-intro.mdx b/dotnet/docs/ci-intro.mdx index 14b6d6e444b..17f61aed3f7 100644 --- a/dotnet/docs/ci-intro.mdx +++ b/dotnet/docs/ci-intro.mdx @@ -85,6 +85,10 @@ You can upload Traces which get created on your CI like GitHub Actions as artifa ###### ![playwright trace viewer](https://github.com/microsoft/playwright/assets/13063165/84150084-5019-470a-8449-b61d206bfbb0) +## Properly handling Secrets + +Artifacts like trace files or console logs contain information about your test execution. They can contain sensitive data like user credentials for a test user, access tokens to a staging backend, testing source code or sometimes even your application source code. Treat these files just as careful as you treat that sensitive data. If you upload reports and traces as part of your CI workflow, make sure that you only upload them to trusted artifact stores, or that you encrypt the files before upload. The same is true for sharing artifacts with team members: Use a trusted file share or encrypt the files before sharing. + ## What's Next - [Learn how to use Locators](./locators.mdx) - [Learn how to perform Actions](./input.mdx) diff --git a/java/docs/ci-intro.mdx b/java/docs/ci-intro.mdx index ae357b3f121..84423e6c59a 100644 --- a/java/docs/ci-intro.mdx +++ b/java/docs/ci-intro.mdx @@ -80,6 +80,10 @@ Clicking on the workflow run will show you the all the actions that GitHub perfo ![playwright trace viewer](https://github.com/microsoft/playwright/assets/13063165/6d5885dc-d511-4c20-b728-040a7ef6cea4) +## Properly handling Secrets + +Artifacts like trace files or console logs contain information about your test execution. They can contain sensitive data like user credentials for a test user, access tokens to a staging backend, testing source code or sometimes even your application source code. Treat these files just as careful as you treat that sensitive data. If you upload reports and traces as part of your CI workflow, make sure that you only upload them to trusted artifact stores, or that you encrypt the files before upload. The same is true for sharing artifacts with team members: Use a trusted file share or encrypt the files before sharing. + ## What's Next - [Learn how to use Locators](./locators.mdx) - [Learn how to perform Actions](./input.mdx) diff --git a/nodejs/docs/ci-intro.mdx b/nodejs/docs/ci-intro.mdx index e787c094509..449ecb91099 100644 --- a/nodejs/docs/ci-intro.mdx +++ b/nodejs/docs/ci-intro.mdx @@ -151,6 +151,10 @@ The contents of the `$web` storage container can be accessed from a browser by u This step will not work for pull requests created from a forked repository because such workflow [doesn't have access to the secrets](https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions#using-secrets-in-a-workflow). ::: +## Properly handling Secrets + +Artifacts like trace files, HTML reports or even the console logs contain information about your test execution. They can contain sensitive data like user credentials for a test user, access tokens to a staging backend, testing source code or sometimes even your application source code. Treat these files just as careful as you treat that sensitive data. If you upload reports and traces as part of your CI workflow, make sure that you only upload them to trusted artifact stores, or that you encrypt the files before upload. The same is true for sharing artifacts with team members: Use a trusted file share or encrypt the files before sharing. + ## What's Next - [Learn how to use Locators](./locators.mdx) - [Learn how to perform Actions](./input.mdx) diff --git a/python/docs/ci-intro.mdx b/python/docs/ci-intro.mdx index 89eaab3f583..568d68045e9 100644 --- a/python/docs/ci-intro.mdx +++ b/python/docs/ci-intro.mdx @@ -87,6 +87,10 @@ Clicking on the workflow run will show you the all the actions that GitHub perfo ![playwright trace viewer](https://github.com/microsoft/playwright/assets/13063165/6d5885dc-d511-4c20-b728-040a7ef6cea4) +## Properly handling Secrets + +Artifacts like trace files or console logs contain information about your test execution. They can contain sensitive data like user credentials for a test user, access tokens to a staging backend, testing source code or sometimes even your application source code. Treat these files just as careful as you treat that sensitive data. If you upload reports and traces as part of your CI workflow, make sure that you only upload them to trusted artifact stores, or that you encrypt the files before upload. The same is true for sharing artifacts with team members: Use a trusted file share or encrypt the files before sharing. + ## What's Next - [Learn how to use Locators](./locators.mdx) - [Learn how to perform Actions](./input.mdx)