Secrets
The Secrets feature lets you store a secret value encrypted in the Acunetix scanner and use it as a global variable that can be referenced dynamically during the scan. Using a secret improves the security of your sensitive data.
This document explains how to create and use a secret.
Create a secret
While creating a secret is possible in Acunetix 360 On-Demand, using it with Pre-Request Script or Post-Request Script requires access to those features. Refer to the linked documentation for information on how to enable them.
- Select Scans > New Scan from the left-side menu.
- In the Scan Settings section, click Secrets.
- Click + New Secret to add a new secret.
- Type a secret’s Name and Value in the text fields.
- You can now refer to the Secret in a Pre-Request Script, Post-Request Script, or Header Authentication.
- Click Save Profile to save the settings of the scan for future use or Launch to run the scan.
How to use a secret
Refer to the secret from a Pre-Request Script, a Post-Request Script, or Header Authentication.
Use a secret with a script
To dynamically refer to the secret, use the following example code in your script:
var myToken = invicti.getGlobalVariable("MySecret");
For more information regarding scripts, refer to the Pre-request scripts and Post-request scripts documents.
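An added example (not Acunetix's own code) of reading the secret defensively in a script: it fails closed when the secret is missing, so a scan does not silently run unauthenticated, and it keeps the raw value out of log text. The stand-in `invicti` object, the sample token, the `Bearer` scheme and the helper names `readSecret`, `maskSecret` and `buildAuthHeader` are assumptions; attaching the header to the request uses the request API from the Pre-request scripts document, which this page does not show.

```javascript
// Stand-in for the scanner-provided `invicti` object so this runs outside
// the scanner. Constructed for the example; in a scan the real object exists.
var invicti = globalThis.invicti || {
  getGlobalVariable: function (name) {
    var store = { MySecret: "constructed-sample-token-1234" }; // constructed value
    return store[name];
  }
};

// Read a secret by name and refuse to continue if it is missing or blank.
// (What the real call returns for an unknown name is not stated on this page,
// so every non-string or empty result is treated as "not configured".)
function readSecret(name) {
  var value = invicti.getGlobalVariable(name);
  if (typeof value !== "string" || value.trim() === "") {
    throw new Error("Secret '" + name + "' is not defined or is empty");
  }
  return value;
}

// Produce a log-safe form: only the last four characters remain visible.
function maskSecret(value) {
  return value.length <= 4 ? "****" : "****" + value.slice(-4);
}

// Build the header from the secret (hypothetical helper; Bearer is assumed).
// `value` is what goes on the wire, `logSafe` is what may be written to logs.
function buildAuthHeader(secretName) {
  var token = readSecret(secretName);
  return {
    name: "Authorization",
    value: "Bearer " + token,
    logSafe: "Bearer " + maskSecret(token)
  };
}

var header = buildAuthHeader("MySecret");
console.log("Prepared " + header.name + ": " + header.logSafe);
```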
Use a secret with header authentication
To refer to the secret in Header authentication, use the name of your secret in curly braces as the Value, for example: {MySecret}.
The secret will be visible as a Value in the Request/Response tab in the Scan summary.
For more information, refer to the Configuring header authentication document.