- New Feature Request
- Resolution: Unresolved
- Minor
- None
- 7.0.8
- None
At the moment, when testing items, if they use any secret or vault macros, these need to be provided manually in the test window.
This is for security reasons: the frontend should not read secret macros from the DB, and that's OK.
But there are 2 issues with this:
1) When a secret macro value is entered in the test window, it is sent to the server unencrypted.
2) The macro value must be known or accessible to the persons who need to test this.
There is a chance that the macro already exists in the DB or in the vault, so in those cases it would be more secure and convenient for the user not to enter it manually.
Instead, the frontend could send the ID of the macro to the server, which could then resolve it and use it for item testing.
This way we don't expose the sensitive contents to the frontend, but greatly decrease the complexity of testing such items.
The option to still provide it manually should remain available.
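
A minimal model of the flow requested above, added here as an illustration and not taken from the product's code: the frontend sends only macro IDs, the server resolves them after checking that the caller may test items on that host, and the resolved values are masked in whatever goes back to the frontend. The in-memory store, the permission table, the `{$NAME}` placeholder syntax, the item key and all function names are assumptions made for this sketch.

```python
# Constructed server-side store: macro id -> (name, secret value, host id).
MACRO_STORE = {
    101: ("{$API_TOKEN}", "s3cr3t-token-value", 7),
    102: ("{$DB_PASSWORD}", "constructed-password", 8),
}
# Constructed permissions: user -> host ids the user may test items on.
USER_HOSTS = {"alice": {7}, "bob": {8}}


class MacroAccessError(Exception):
    """Raised when a macro id is unknown or outside the caller's host."""


def resolve_macros(user, host_id, macro_ids, manual_values):
    """Build a name -> value map on the server; manual values take precedence."""
    if host_id not in USER_HOSTS.get(user, set()):
        raise MacroAccessError("user may not test items on this host")
    resolved = {}
    for macro_id in macro_ids:
        entry = MACRO_STORE.get(macro_id)
        # Same error for "missing" and "other host" so ids cannot be probed.
        if entry is None or entry[2] != host_id:
            raise MacroAccessError("macro not available for this host")
        resolved[entry[0]] = entry[1]
    resolved.update(manual_values)  # manual entry stays available
    return resolved


def redact(text, secrets):
    """Mask secret values before anything is returned to the frontend."""
    for value in sorted(secrets, key=len, reverse=True):
        if value:
            text = text.replace(value, "******")
    return text


def run_item_test(user, host_id, key_template, macro_ids=(), manual_values=None):
    """Expand the item key server-side and return only a redacted preview."""
    values = resolve_macros(user, host_id, macro_ids, manual_values or {})
    expanded = key_template
    for name, value in values.items():
        expanded = expanded.replace(name, value)
    # Stand-in for the real check: report the expanded key, with secrets masked.
    return {"preview": redact(expanded, values.values()), "macros": sorted(values)}
```

The ownership check matters because resolving by ID turns the server into the only party holding the value: without it, any user allowed to open the test window could run a test with a macro from a host they cannot see.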