Secrets
Secrets let you store sensitive values (like login credentials) that navable uses during audits to access authenticated pages. Secrets are managed in Settings → Audit Settings.
Adding a Secret
- Go to Settings → Audit Settings.
- Scroll to the Secrets section.
- Click Add Secret.
- Fill in the fields:
| Field | Description |
|---|---|
| Name | A label for the secret (e.g., "Test Account Password") |
| Field Hint | Describes where the secret is used (e.g., "Password field on login page") |
| Value | The secret value (masked after saving) |
- Save the secret.
Using Secrets in Interaction Steps
When configuring interaction steps, you can reference stored secrets instead of typing raw values. For example, a login flow might look like:
- Navigate to your login page.
- Type the stored username secret into the email field.
- Type the stored password secret into the password field.
- Click the "Sign In" button.
- Wait for the authenticated page to load.
Security
- Secrets are encrypted at rest using industry-standard encryption.
- Secret values are never sent to AI models or exposed in audit results, logs, or the UI after saving.
- You can delete secrets at any time from the Audit Settings page.
Best Practices
- Use dedicated test accounts — Create a test account specifically for navable audits rather than using personal credentials.
- Minimal permissions — Give the test account only the permissions needed to access the pages you want to audit.
- Keep secrets updated — If the test account password changes, update the stored secret in navable to avoid audit failures.