# Add API keys and secrets TestVibe uses GitHub Actions secrets for sensitive values needed during AI generation and test runs. Secrets are stored in GitHub, not displayed back in plain text, and made available to workflows when they run. ## Secrets Vs Variables | Type | Use for | Visibility | | -------- | ------------------------------------------------- | --------------------- | | Secret | API keys, passwords, tokens, private credentials. | Hidden after saving. | | Variable | Non-sensitive configuration values. | Stored as plain text. | Use a secret whenever the value should not appear in logs, screenshots, repository pages, or shared docs. ## AI Provider Keys When you choose an AI agent, TestVibe may ask for an API key. TestVibe saves that key as a repository secret with the name expected by the agent. Common examples: | Agent family | Secret name | | ------------------- | ------------------- | | OpenAI or Codex | `OPENAI_API_KEY` | | Anthropic or Claude | `ANTHROPIC_API_KEY` | If the selected agent does not require a key from you, TestVibe may hide or disable the API key field. ## Add Or Replace A Key 1. Open the repository in TestVibe. 2. Open **Settings**. 3. Open the repository settings or **Secrets** page. 4. Choose the AI agent if you are setting a provider key. 5. Enter the new key. 6. Save the setting. After saving, TestVibe may show a placeholder such as `***` to indicate a secret exists. That does not mean the key value is visible. ## Add A Workflow Secret Use repository secrets for values your generated tests need, such as: | Secret | Example use | | ------------------ | ----------------------------------------------- | | Login username | Signing in before running a protected workflow. | | Login password | Completing an automated sign-in flow. | | Test account token | Calling a setup API before browser steps. | | Provider API key | Allowing AI generation or integrations to run. | Use clear names that are easy to recognize later, such as `TEST_USER_EMAIL`, `TEST_USER_PASSWORD`, or `STAGING_API_TOKEN`. ## Repository Or Organization Scope Depending on your GitHub organization and permissions, TestVibe may show repository and organization scopes. | Scope | Use when | | ------------ | ------------------------------------------------------------- | | Repository | The value belongs only to the selected project. | | Organization | The same value should be shared across approved repositories. | If you cannot view or edit organization secrets, ask a GitHub organization administrator. ## Safe Handling Tips * Do not paste API keys into test instructions. * Do not store passwords as variables. * Rotate keys if they were copied into the wrong place. * Use dedicated test accounts rather than personal credentials. * Give secrets names that explain their purpose without exposing the value. ## Troubleshooting If generation or a run reports a missing key, confirm the secret name matches what the agent or workflow expects. See [Missing secrets](/troubleshooting/missing-secrets.md). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.testvibe.com/workspace/add-api-keys-and-secrets.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.