# Variables & secrets

> For the complete documentation index, see [llms.txt](/llms.txt)

Environments, tokens and credentials live in variables — not hardcoded in
scenarios.

## Two files

- `unotest/.env` — ordinary variables.
- `unotest/.secrets` — secrets, git-ignored.

Reference them by **bare `UPPER_SNAKE` identifiers** in scenarios:

```js
goto(APP_BASE_URL + "/login");
fill(getByLabel("Email"), TEST_USER_EMAIL);
fill(getByLabel("Password"), TEST_PASSWORD);
```

:::caution[No mustache]
Don't write `"{{VAR}}"` string literals — reference the bare identifier. The
linter errors on mustache in the DSL.
:::

## Secrets are masked

Values registered as secrets are redacted in logs and failure artifacts (shown
as `‹secret:NAME›`), so they never leak into a trace or a screenshot bundle.

## Across environments

Because the test references variables, the same scenario runs against dev,
staging or prod — just change the values. The [viewer](/viewer/overview/)'s
**Variables** panel lets you edit values, reveal/hide secrets, and toggle boolean
flags without leaving the window.