Documentationbreadcrumb arrow Grafana k6breadcrumb arrow Using k6breadcrumb arrow Secret sourcebreadcrumb arrow Cloud
Open source

Cloud secret source

When you run tests in Grafana Cloud using k6 cloud run, secrets management is available automatically. The cloud secret source brings that same access to local execution runs with k6 cloud run --local-execution, so you can use the same secrets without managing credentials locally.

Note

The cloud secret source only works with k6 cloud run --local-execution. Using it with k6 run returns an error.

Before you begin

  • Authenticate with Grafana Cloud k6 using k6 cloud login.
  • Configure the secrets you want to use in Grafana Cloud k6.

Use the cloud secret source

Starting in k6 v2.0.0, the cloud secret source is enabled automatically when you run k6 cloud run --local-execution. You don’t need to pass any flag, and secrets.get() works out of the box:

Bash 
k6 cloud run --local-execution script.js

k6 automatically configures the credentials needed to fetch secrets from Grafana Cloud. No tokens, endpoints, or passwords are required on the command line.

k6 automatically redacts all secrets from logs.

Opt out with --no-cloud-secrets

If you don’t want the cloud secret source enabled, pass --no-cloud-secrets:

Bash 
k6 cloud run --local-execution --no-cloud-secrets script.js

With this flag, calls to secrets.get() for the cloud source will fail unless you explicitly configure another source.