Forced to store environments on postman servers?

you can use this

Hello All,

This topic seems to have gone in multiple different directions. There have been many responses which include various different links to resources, which have answered the questions.

  • The announcement blog which includes overall reason for the change, an introduction to the new Lightweight API Client and a list of FAQs.
  • Our support page to help with Exporting and Migrating your Scratch Pad data.
  • Our Security and Trust portal where you can request to download the latest SOC2 report, SOC3 report, CSA STAR and Security Features Report documents.
  • Our Security and Trust FAQs which provides some more granular data usage and storage information.
  • The Secret Scanner which is enabled on all plan to help mitigate against publicly exposing sensitive data.

Our recommended safe practices to follow with your data and credentials when using your Postman account:

  • Be careful to avoid accidental data exposure when making a Postman element public, such as workspaces, collections, and environments.
  • We strongly recommend you avoid storing sensitive data anywhere except within Postman environments. Storing variable values only in the Current value field, will ensure that the data is never sync’d.
  • You should also use environment variables with a secret type to store sensitive data and credentials, including API keys and access tokens.
  • Learn more by reading our shared responsibility model.

If anyone in the thread has more questions, please do reach out to us on and we will answer any concerns.

With V11 of Postman, we have introduced the Postman Vault (Store secrets in your Postman Vault | Postman Learning Center), which allows you to store your sensitive data in an encrypted local vault that is not synced with the Postman Cloud.

Also, we have added multiple security features to help prevent accidental exposure of your API credentials.