Authentication

vibetest auto-discovers credentials in several convenient ways.

Priority order

1. .vibetest.json — recommended. Stores tokens, cookies, headers.
2. Environment variables — VIBETEST_TOKEN, JWT_TOKEN, or AUTH_TOKEN.
3. Automatic browser capture — open browser, log in, and vibetest captures tokens/cookies.
4. Manual entry — supply a bearer token when prompted.

Config file example

{
  "token": "your-jwt-token-here",
  "cookies": { "session": "..." },
  "headers": { "X-API-Key": "..." }
}
      

Automatic capture

When you choose automatic capture, vibetest opens a browser and monitors network traffic to locate Authorization headers, JWTs in responses, cookies, and tokens in localStorage. You can opt to save captured credentials to .vibetest.json.

Security tips

• Add .vibetest.json to .gitignore.
• Use short-lived test tokens and rotate regularly.
• Prefer environment variables for CI usage.

See AUTH.md for the full details and examples.