External libraries for JWT encryption and protecting the Private Key

Hi,

In our team we work extensively with Adobe.io and Experience Cloud API’s
We’ve recently come across a library that seems to meet our needs when it comes to encrypting a JWT token. For this we are using the Pre-request Script capability of Postman and this library jsrsasign - cryptography library in JavaScript
Now I haven’t done a security audit on this library but I am conscious that the private key we are using could in fact be sent to a third party, obviously not good.
So my question is: Does Postman support RS256 encryption so we don’t have to rely on external libraries?
Does anyone else have this concern when using external libraries?
Cheers

Hello @robsay, Welcome to the community :tada:

Postman supports various external libraries including crypto-js which can be used in pre-request scripts and tests for encryption.

All the best :+1: