Hide Sensitive Data

Learn how to prevent sensitive test data from appearing in the logs of Playwright tests in BrowserStack Automate.

Some tests that work with user data might include sensitive information, such as email ID, user names, etc. Based on the commands that you use, the Text Logs or the Raw Logs that are generated might expose this sensitive data.

This guide shows you how to mask sensitive data appearing in Text Logs or the Raw Logs using the browserstack.maskCommands capability.

It is recommended that you disable the Playwright logs since the browserstack.maskCommands capability masks only the sensitive data from Text & Raw Logs. The sensitive information from Playwright Logs remains unmasked.

Use the browserstack.maskCommands capability

Use the code snippet to set the browserstack.maskCommands capability. You can pass multiple supported commands in a single array, separated by commas as follows:

capabilities['browserstack.maskCommands'] = 'sendType, sendPress, setHTTPCredentials, setStorageState, setGeolocation'

The browserstack.maskCommands capability masks data that you send to or retrieve from the remote browsers through the following commands. For example, when you set value as sendType, BrowserStack masks sensitive data sent through any .type command in your script:

Capability	BrowserStack command	Example Playwright command
browserstack.maskCommands	`sendType` Masks the `type` method of the `ElementHandle` and `Locator` class.	`await element.type('Browserstack');`
	`sendPress` Masks the `press` method of the `ElementHandle` and `Locator` class.	`await element.press('Enter');`
	`setHTTPCredentials` Masks the HTTP credentials parameter in the `newContext` and `newPage` method of the `browser` class.	`await browser.newContext({httpCredentials: { username: "admin", password: "admin" }})`
	`setStorageState` Masks the storage state parameter in the `newContext` and `newPage` method of the `browser` class.	`await browser.newContext({storageState: 'state.json'})`
	`setGeolocation` Masks the Geolocation parameter in the `newContext` and `newPage` method of the `browser` class.	`await browser.newContext({geolocation: { longitude: -118.242766, latitude: 34.0536909 }})`
	`setWebAuthnCredentials` Masks the authentication parameters such as authenticatorID, credentialID and privatekey as part of `WebAuthn` class and its methods.	`await client.send('WebAuthn.addCredential', {authenticatorId: authenticatorId,credential: {credentialId: 'credentialid here',isResidentCredential: false,privateKey: 'privatekeyhere'}});`

View test results

After you run your test, visit the Automate dashboard to view your test results.

When the browserstack.maskCommands capability is used for the supported commands, all requested commands are replaced with REDACTED VALUE in your Text Logs or the Raw Logs. Image of logs where sendkeys input is shown as redacted

Did this page help you?

We're sorry to hear that. Please share your feedback so we can do better

Contact our Support team for immediate help while we work on improving our docs.

We're continuously improving our docs. We'd love to know what you liked

This page has exactly what I am looking for
This content & code samples are accurate and up-to-date
The content on this page is easy to understand
Other (please tell us more below)

Any additional feedback?

Thank you for your valuable feedback

Is this page helping you?

Yes

We're sorry to hear that. Please share your feedback so we can do better

Contact our Support team for immediate help while we work on improving our docs.

We're continuously improving our docs. We'd love to know what you liked

This page has exactly what I am looking for
This content & code samples are accurate and up-to-date
The content on this page is easy to understand
Other (please tell us more below)

Any additional feedback?

Thank you for your valuable feedback!