[WIP] How To Create Secret In Synthetic Monitoring#103
[WIP] How To Create Secret In Synthetic Monitoring#103TheComeUpCode wants to merge 9 commits intomainfrom
Conversation
TheComeUpCode
requested review from
Jayclifford345,
jdbaldry,
moxious,
simonprickett and
tomglenn
as code owners
|
This is still work a progress please do not review |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
| ] | ||
| } | ||
| ], | ||
| "id": "performace-multistep-guided", |
There was a problem hiding this comment.
Duplicate section IDs will cause reference conflicts
Medium Severity
Two different sections share the same id value "performace-multistep-guided". The section titled "Create A Secret" at line 58 and the section titled "Create A Check With A Synthetic Monitoring Secret" at line 147 both use this duplicate ID. This will cause issues with navigation, anchoring, or any system that references sections by their unique identifier.
Additional Locations (1)
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
| "type": "interactive", | ||
| "action": "formfill", | ||
| "reftarget": "div[data-testid='data-testid Code editor container']", | ||
| "content": "In the script editor:\n\nImport the secrets module at the top:\n\n`import secrets from 'k6/secrets';`\n\nReference your secrets in the script:\n\n`const username = secrets.get('QuickPizza Username');`\n`const password = secrets.get('QuickPizza Password');`\n\n(Optional) Add a log to see how secrets are redacted:\n\n`console.log(`Trying to log secret: ${username}`);`\nNotice that the example script already includes secret placeholders as comments. Uncomment these lines to use them.", |
There was a problem hiding this comment.
Secret names mismatch between creation and usage
High Severity
The tutorial creates secrets named quickpizza-username and quickpizza-password, but the script example references them as QuickPizza Username and QuickPizza Password via secrets.get(). These names don't match, so following the tutorial as written would result in the secrets not being found at runtime.
Additional Locations (2)
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
| "reftarget": "div[data-testid='data-testid Code editor container']", | ||
| "content": "In the script editor:\n\nImport the secrets module at the top:\n\n`import secrets from 'k6/secrets';`\n\nReference your secrets in the script:\n\n`const username = secrets.get('QuickPizza Username');`\n`const password = secrets.get('QuickPizza Password');`\n\n(Optional) Add a log to see how secrets are redacted:\n\n`console.log(`Trying to log secret: ${username}`);`\nNotice that the example script already includes secret placeholders as comments. Uncomment these lines to use them.", | ||
| "targetvalue": "@@CLEAR@@" | ||
| }, |
There was a problem hiding this comment.
Formfill clears code editor without providing replacement script
High Severity
The targetvalue is @@CLEAR@@ which only clears the code editor without filling in any script content. The existing usage in shared/snippets/query-textarea-formfill.json shows @@clear@@ is a prefix directive followed by the actual content to insert (e.g., @@clear@@your_query_here). Here, the "Do It" action would wipe the editor and leave it empty, despite the content instructing users to add import statements and secrets.get() calls. The casing (@@CLEAR@@ vs. @@clear@@) may also prevent the directive from being recognized.
|
Bugbot Autofix prepared fixes for 1 of the 1 bugs found in the latest run.
Or push these changes by commenting: Preview (081d4046f0)diff --git a/how-to-setup-secrets-tutorial/content.json b/how-to-setup-secrets-tutorial/content.json
--- a/how-to-setup-secrets-tutorial/content.json
+++ b/how-to-setup-secrets-tutorial/content.json
@@ -187,7 +187,7 @@
"action": "formfill",
"reftarget": "div[data-testid='data-testid Code editor container']",
"content": "In the script editor:\n\nImport the secrets module at the top:\n\n`import secrets from 'k6/secrets';`\n\nReference your secrets in the script:\n\n`const username = secrets.get('QuickPizza Username');`\n`const password = secrets.get('QuickPizza Password');`\n\n(Optional) Add a log to see how secrets are redacted:\n\n`console.log(`Trying to log secret: ${username}`);`\nNotice that the example script already includes secret placeholders as comments. Uncomment these lines to use them.",
- "targetvalue": "@@CLEAR@@"
+ "targetvalue": "@@clear@@import secrets from 'k6/secrets';\nimport { browser } from 'k6/browser';\n\nexport default async function () {\n const username = secrets.get('quickpizza-username');\n const password = secrets.get('quickpizza-password');\n \n console.log(`Trying to log secret: ${username}`);\n \n const page = await browser.newPage();\n await page.goto('https://quickpizza.grafana.com/admin');\n \n // Add your test logic here\n \n await page.close();\n}"
},
{
"type": "multistep", |
updating guide
1 participant
Note
Low Risk
Content-only addition (tutorial JSON) with no code-path, security, or data-handling changes; main risk is selectors/steps drifting from the UI and causing the guide to break.
Overview
Adds a new
how-to-setup-secrets-tutorial/content.jsoninteractive guide for Grafana Cloud Synthetic Monitoring secrets management.The tutorial covers navigating to the Secrets config UI, creating username/password secrets via multistep form interactions, using secrets in a Browser check script (including
k6/secretsexamples), and basic edit/delete flows, with intro/outro markdown content.Written by Cursor Bugbot for commit 96b74ad. This will update automatically on new commits. Configure here.