From 4e905cff59e3e3e5b5566d410b2b49e9ab22ecb0 Mon Sep 17 00:00:00 2001 From: Michael Sitarzewski Date: Sat, 6 Jun 2026 17:34:21 -0500 Subject: [PATCH] fix: scrub hardcoded test credentials (#477) (#571) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace literal passwords in two testing-agent code samples with environment-variable reads — the secure, idiomatic pattern for each framework rather than a placeholder string: - testing-api-tester.md: 'secure_password' -> process.env.TEST_USER_PASSWORD - testing-performance-benchmarker.md: 'password123' -> __ENV.TEST_USER_PASSWORD (k6) Removes the weak-credential examples flagged in #477 and models good secrets hygiene for anyone copying these snippets. Closes #477 Co-authored-by: Claude Opus 4.8 (1M context) --- testing/testing-api-tester.md | 2 +- testing/testing-performance-benchmarker.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/testing/testing-api-tester.md b/testing/testing-api-tester.md index c2f132f..1ea5e50 100644 --- a/testing/testing-api-tester.md +++ b/testing/testing-api-tester.md @@ -74,7 +74,7 @@ describe('User API Comprehensive Testing', () => { headers: { 'Content-Type': 'application/json' }, body: JSON.stringify({ email: 'test@example.com', - password: 'secure_password' + password: process.env.TEST_USER_PASSWORD }) }); const data = await response.json(); diff --git a/testing/testing-performance-benchmarker.md b/testing/testing-performance-benchmarker.md index 4e90dac..1845fb5 100644 --- a/testing/testing-performance-benchmarker.md +++ b/testing/testing-performance-benchmarker.md @@ -90,7 +90,7 @@ export default function () { // Test critical user journey const loginResponse = http.post(`${baseUrl}/api/auth/login`, { email: 'test@example.com', - password: 'password123' + password: __ENV.TEST_USER_PASSWORD }); check(loginResponse, {