Skip to main content

Masked Settings

It is a common security practice to never log sensitive data. To support this practice, Gwen will hide all settings that you flag as "masked" by logging their values as ●●●●● in all logs, reports, error messages and console outputs.

Flagging masked settings#

To flag a setting as masked, append :masked to its defined name.

For example, to mask a custom property named user.password, define it as follows in your settings file:

  user.password\:masked = secret

Note: You will need to escape : as \: in properties files

Alternatively, you can pass a masked setting directly to the Gwen CLI as a system property if you don't wish to store it in a file:


Using masked settings#

To use a masked setting, just reference it anywhere you need to using it's name (excluding the :masked suffix).


  When I enter "${user.password}" in the password field

When evaluated, the above will be logged as follows in all outputs:

  When I enter "●●●●●" in the password field

It is your resposibility to enter sensitive data such as passwords into password protected fields to prevent them from being displayed in the browser.

Custom mask character#

You can change the default mask character from to another character of your choice by assigning it to the gwen.mask.char setting.