Storing secrets
For many monitoring situations you will want to use some secrets like user names, password and even credit card numbers. Here are our guidelines on using secrets with Checkly:
1. Use dedicated test users, test cards etc. These test users should have minimal privileges in your app. Do not use your
admin or root user. Make sure you can easily disable or block these users without recourse.
2. Keep secrets separate from your browser scripts and store them as environment secrets in Checkly. This way you can reuse secrets in multiple scripts and rotate them as needed.
3. Checkly encrypts your secrets: at rest in the database and in flight as we transport it to the check locations. Decryption is only done when we need to read it.
To learn how to create and manage variables and secrets in Checkly see variables and secrets.
Last updated on March 11, 2025. You can contribute to this documentation by editing this page on Github