Access Postman Vault from Pre-Request Script

How can you access values in the Postman Vault from Pre-Request Script?

Hey @rcmcmullen2 :wave:

Welcome to the Postman community :postman:

You should be able to use:

pm.variables.get('vault:<var_name>' );

Is this working for you?

No. I’ve tried that as well as pm.environment.get(‘vault:<var_name>’) and pm.collectionVariables.get(‘vault:<var_name>’) and none of them are working. I created the associated key/value pairs in both Environment and Collection Variables.

Taking a step back here, you’re using V11 right?

And you have created variables in your Postman Vault?

Could you share some images of what you have please? It will be easier to see what’s happening.

Yes, I’m using v11, and Yes I’ve created the variable in my Postman Vault



Interesting. :thinking:

Are you able to use a vault value in the URL, Params or Headers?

I tried it in the Headers successfully.

1 Like

My bad, I was automatically assuming that this could be achieved in the sandbox but after speaking with the team - I realised this was not the case. :cry:

You can only access the vault variables in the URL, Params, Headers, Body and the Auth helper fields.

It would appear that you can set an environment variable to reference a key vault secret, but if you console log the environment variable, it just shows the secret name as a string.

image

You can see that the secret value “456” was used in the request (as its echoed back).

However the console log of the environment variable just shows the string.

image

Which is probably correct, as its trying to prevent the leak of those secrets.

1 Like

I should have been clearer - there isn’t a direct way to use them but there are workarounds :sweat_smile:

Similar to how you could you pm.variables.set() to temp change a vault variable during the request execution.

There isn’t a method like the other scoped variables to directly reference a vault variable.

So if we can’t access the Vault directly from the Sandbox then what is the suggested workaround? If I use the pm.variables.set() method I would need to either hard code the value (which needs to be secured), or try to reference the vault (which is not accessible).

I am currently using an environment variable, but the value is not secured like it is in the vault. The intention is to secure the value in a location that can being used by the Request.

That is a problem because we need this variable as part of a Pre-Request Script to generate a JWT Token.

@danny-dainton - I presume you cannot create a Variable (Local, Collection, Global) to reference the Vault, either?

It seems like you can create a variable at the local, collection, global to reference the Vault as the Postman documentation suggests, but you cannot access the Vault variable in pre/post-scripts. I’m running into the same issue as well.

I was trying to determine which Vault variable to use based on the environment variable selected. It doesn’t seem like there’s a way to do that.

I suspect at this point, its working as designed and this would be a feature request that needs to be raised on the Postman Github.

I sort of understand why as it prevents the encrypted info from being discovered through the scripts but as I also use pre-request scripts a lot for authentication, it would mean that I can’t use the vault for this either.

I can use the vault to integrate with Azure Key Vault to retrieve the OAuth information required to authenticate which is a good feature, but I have no way of accessing those details in the pre-request script where I use sendRequest to hit the token end point.

I would have to use the authentication helper or a straight up request in the GUI instead to get the token.

This feature is still quite new, and has had quite a few changes since the first iteration already, so requesting the feature on Github may provide a favourable response as this feature is being actively worked on.

2 Likes

Well I’m sorry to hear that as our Product license is coming up for renewal and our Project is looking for a product that can address this security concern. So it looks like we’ll have to look for other options.

The first production iteration of the feature was only introduced 14 days ago and was never previously part of the platform, based on user feedback and the various different use cases that people might have, like creating tokens via a pre-request script, we can understand how the feature can be made better.

Postman like every software project, isn’t a finished product. It’s ever changing and improving to make our users lives easier.

Creating a public feature request is the best way to bring these new usage ideas to the team, to triage and assess them with a view to potentially making them part of the platform.

First time doing this so I hope I did it right. For anyone following, here’s the request: Ability to use Postman Vault variables in pre/post-scripts · Issue #12864 · postmanlabs/postman-app-support · GitHub

1 Like

The documentation says that:

You can also reference vault secrets as the values of your global, environment, and collection variables

Does that work for anyone? It works in params etc but when I added to environment variables it doesn’t seem to resolve.

This problem should be workaround-able if this worked, as the value of the secret is not stored in the cloud but the reference is (again, according to the documentation)