Description
SeleniumLibrary currently does not support Robot Framework Secret values when they are passed to keywords expecting string arguments.
For example, when using a Secret as the url argument of Open Browser, the browser is not opened successfully.
To make it work, I have to explicitly use ${url.value} instead of ${url}. However, this defeats the purpose of using Secret, because the URL is then logged in clear text in Robot Framework log files.
Example
*** Settings ***
Library SeleniumLibrary
*** Test Cases ***
Open Browser With Secret URL
${url}= Get Secret https://example.com?token=secret-token
Open Browser ${url} Firefox
Current behavior
Passing a Secret object directly causes the keyword to fail.
A subsequent keyword then reports:
[FAIL] No browser is open.
The only workaround is to use:
Open Browser ${url.value} Firefox
This opens the browser correctly, but the secret URL is no longer protected and is written in clear text to Robot Framework log files.
Expected behavior
Keywords accepting string arguments should also accept Robot Framework Secret values.
SeleniumLibrary should automatically unwrap the Secret internally before passing the value to Selenium, while preserving Robot Framework's secret masking in logs and reports.
This would allow users to use sensitive URLs (for example, URLs containing authentication tokens or embedded credentials) without exposing them in log files.
Environment
- Robot Framework: 7.4.2
- SeleniumLibrary: 6.9.0
Additional question
If this is not something that should be implemented in SeleniumLibrary, could you please advise whether support for Secret values should instead be implemented in Robot Framework?
Description
SeleniumLibrary currently does not support Robot Framework
Secretvalues when they are passed to keywords expecting string arguments.For example, when using a
Secretas theurlargument ofOpen Browser, the browser is not opened successfully.To make it work, I have to explicitly use
${url.value}instead of${url}. However, this defeats the purpose of usingSecret, because the URL is then logged in clear text in Robot Framework log files.Example
Current behavior
Passing a
Secretobject directly causes the keyword to fail.A subsequent keyword then reports:
The only workaround is to use:
This opens the browser correctly, but the secret URL is no longer protected and is written in clear text to Robot Framework log files.
Expected behavior
Keywords accepting string arguments should also accept Robot Framework
Secretvalues.SeleniumLibrary should automatically unwrap the
Secretinternally before passing the value to Selenium, while preserving Robot Framework's secret masking in logs and reports.This would allow users to use sensitive URLs (for example, URLs containing authentication tokens or embedded credentials) without exposing them in log files.
Environment
Additional question
If this is not something that should be implemented in SeleniumLibrary, could you please advise whether support for
Secretvalues should instead be implemented in Robot Framework?