you can use this https://dl.pstmn.io/download/version/9.31.28/win64
Hello All,
This topic seems to have gone in multiple different directions. There have been many responses which include various different links to resources, which have answered the questions.
- The announcement blog which includes overall reason for the change, an introduction to the new Lightweight API Client and a list of FAQs.
- Our support page to help with Exporting and Migrating your Scratch Pad data.
- Our Security and Trust portal where you can request to download the latest SOC2 report, SOC3 report, CSA STAR and Security Features Report documents.
- Our Security and Trust FAQs which provides some more granular data usage and storage information.
- The Secret Scanner which is enabled on all plans to help mitigate against publicly exposing sensitive data.
Our recommended safe practices to follow with your data and credentials when using your Postman account:
- Be careful to avoid accidental data exposure when making a Postman element public, such as workspaces, collections, and environments.
- We strongly recommend you avoid storing sensitive data anywhere except within Postman environments. Storing variable values only in the Current value field will ensure that the data is never sync’d.
- You should also use environment variables with a secret type to store sensitive data and credentials, including API keys and access tokens.
- Learn more by reading our shared responsibility model.
If anyone in the thread has more questions, please do reach out to us on [email protected] and we will answer any concerns.
With V11 of Postman, we have introduced the Postman Vault (Store secrets in your Postman Vault | Postman Learning Center), which allows you to store your sensitive data in an encrypted local vault that is not synced with the Postman Cloud.
Also, we have added multiple security features to help prevent accidental exposure of your API credentials.
Hello everyone, I wanted to follow up here!
We’ve added additional security features that are now included with Free Postman plans. A few callouts from this thread:
- Collections security – Before any collection is published or made visible in a public workspace, the Postman Secret Scanner will detect and redact sensitive values such as API tokens, credentials, or private keys, and notify the admin.
- Secrets management – Postman provides several ways to manage secrets. One of the most effective is the Postman Local Vault, which stores credentials locally on your device and never syncs them to the cloud. Even workspace admins and teammates can’t access them, and the vault clears automatically on sign-out.
- Security features you already have (even on Free!) – Local Vault for secrets, automatic secret scanning, visual warnings before publishing, token masking, and granular workspace visibility.
- Cloud security – Postman uses a cloud-first architecture to support collaboration across teams and partners. We work with trusted providers like Okta, AWS, and Wiz to strengthen identity, infrastructure, and data protection. We also conduct regular third-party penetration testing and maintain ongoing compliance with global standards to meet the needs of organizations of all sizes.
For more details, check out this blog from our Head of Security, Sam Chehab: Postman (Free) is secure by design