Skip to content

k6 inspect fails when secrets are used in init context #6107

Description

@vtorosyan

Description

k6 inspect (and k6 archive) error out when a script calls secrets.get() at the top level (init context), even though the script runs correctly during normal execution. This is a common pattern among k6 users.

Steps to reproduce

// secrets.js
import secrets from 'k6/secrets';

const secretValue = await secrets.get('secret_name');

export default function() { }
$ k6 inspect secrets.js
ERRO[0000] no secret sources are configured   hint="script exception"

Expected behavior

k6 inspect is an analysis command — it should not require a fully configured secrets source to introspect a script's options. Ideally, it would either:

  • silently skip secret resolution during inspection, or
  • complete successfully and include a note in the output that the script requires a secrets source at runtime.

What works today

Moving the secrets.get() call inside the default function works:

export default async () => {
    const secretValue = await secrets.get('secret_name');
}

Passing the exact secrets via CLI also works, but is not always feasible:

$ k6 inspect --secret-source=mock=secret_name=value secrets.js

Context

This affects Synthetic Monitoring, where k6 inspect runs in a sandboxed environment that intentionally has no access to the secrets source — that is a security property of the environment, not a configuration gap. As the number of SM users grows, the number of scripts using top-level secrets.get() is also growing, making this a blocker for our preprocessing pipeline.

A possible approach is discussed in PR #6092, which proposes a dummy secret source that returns an empty value for any requested secret and never errors. This would allow k6 inspect to run without requiring a real secrets source. We'd welcome input from the core team on whether this direction is acceptable or if there's a cleaner path.

Metadata

Metadata

Assignees

Labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions