Docs/Environment

Authentication

Nearly every real test needs to sign into the app under test. Assrt gives you three patterns, in increasing order of speed and robustness.

1. Fill the login form

Simplest and slowest: log in through the UI once at the start of every test. Fine for a handful of tests; painful for hundreds.

yaml
- navigate: /login
- type:
    element: email input
    text: "{{ env.TEST_EMAIL }}"
- type:
    element: password input
    text: "{{ secret.TEST_PASSWORD }}"
- click: sign in

2. Save and reuse auth state

Log in once in a setup test, save the cookies and local storage, and load them at the top of every other test.

yaml
# tests/_setup/login.yaml
- navigate: /login
- type: ...
- click: sign in
- save-auth-state:
    to: ./.auth/admin.json

# tests/dashboard.yaml
- load-auth-state:
    from: ./.auth/admin.json
- navigate: /dashboard

3. Inject a session directly

If your backend can mint a session token, skip the login form entirely and set the cookie yourself. This is the fastest option and the one most teams end up on for CI.

yaml
- cookie:
    action: set
    name: session
    value: "{{ secret.SESSION_TOKEN }}"
    domain: .example.com
Secrets
Test credentials belong in secret.*, never in test files or committed env files. Secrets are masked in logs and traces; var.* and env.* are not.