Teams often need to share collections among users, with each user having his/her own credentials to access the API. In this case, updates to the collection (the API definition/workflow) should be synced across users, but the private credentials should not.
Since everything in shared workspaces is shared, the recommended workflow here is to utilize sessions (https://learning.getpostman.com/docs/postman/environments_and_globals/sessions/). Sessions let each user use the ‘current value’ column in the environment which isn’t shared with anyone. The ‘initial value’ for variables can be set to something like <insert your personal key here>. Since only ‘initial values’ are synced to workspace members, users can safely rely on the ‘current value’ to protect their personal credentials.
Alternatively, each user can share relevant collections from the shared team workspace into their personal workspace. This will mean that the collection will continue to receive updates made by other users (since it’s shared), but environments created in the personal workspace will not be shared (and be private to the user who created them).