When I have a test set (folder), I can define “Authorization” on the folder-level. The options in the list are a whole bunch, of which among “AWS signature”, which looks the most similar to what I need. Here I can fill in a (vault) value for the “AccessKey” header and “SecretKey” header. My API, however, requires custom headers for the (access/)id and secret. This option, however, is not in the list. I could use the pre-request, enable pre- and post-scripts from the vault and add the desired headers form there, but that is a potential security issue, with potential libraries potentially snooping my vault secrets. Could Postman please consider allowing a custom header type, where I can define the header name and header value (with vault values, where desired)?
This is a great security-conscious question! There is an approach you could take without using pre-request scripts:
Add your custom authorization headers directly in the Headers tab at the folder level:
X-API-ID: {{vault:your-access-key}}
X-API-Secret: {{vault:your-secret-key}}