DEV Community

Cover image for Introducing secret variables in Hoppscotch Environments
Kiran Johns for Hoppscotch

Posted on

Introducing secret variables in Hoppscotch Environments

Hoppscotch is a powerful yet simple-to-use API testing suite. It removes a lot of complexity, making it easy for anyone to get started with API testing. Try Hoppscotch now!

Hoppscotch Environments allow you to group together a set of variable data, making it easier to reuse and share data when developing and testing APIs with your team. Environments allow you to assign any data to a variable.

With the introduction of secrets in a Hoppscotch environment, we aim to make it easy for you to manage sensitive information such as tokens, API keys, and passwords. Secrets not only enhance the security of managing your secrets but also prevent accidental sharing with third parties.

Secrets

When you create a secret in a personal or shared workspace, the value of the variable will never be synced with our servers. This means that the value of the secrets you configure will not be shared with any of your teammates. It is expected that the rest of your team will populate their own secrets before testing APIs.

Secret variables in Hoppscotch

Furthermore, secret variables will not be exported when exporting an environment from Hoppscotch. To prioritize security, secret values are masked using asterisks (*****) throughout Hoppscotch, preventing accidental leakage when sharing your screen or from shoulder surfing.

Moreover, in a shared workspace, workspace owners and editors can create, delete, edit, and use secrets. On the other hand, workspace viewers only have the ability to add values to already created secrets.

Secret variables in the CLI

When using the Hoppscotch CLI, there are two approaches to resolving secret values:

  1. You can use a secrets manager to load the variables and values into your operating system environment. Secrets loaded from the environment will be masked using asterisks(*****) on the CLI (recommended approach)
  2. Alternatively, you can edit the environment export file and manually add your secrets as regular variables.

At Hoppscotch, ensuring a safe and secure API development and testing workflow is one of our top priorities. We believe that the addition of secret variables will make it easier for you to manage your API secrets.

If you have any product feedback, please feel free to reach out to us at hello@hoppscotch.io or raise an issue on our GitHub repository.

Top comments (0)