Make secrets stored in Postman more secure

πŸ—£ General Discussion
, ,
1

Hi Everyone!

Not so long ago I have started to really actively usign Postman and I was surprised to find out that there is no way to securely store secrets in Postman.

All data stored as variables in environments in Postman is visible to anyone who happens to pass by your computer while you are working with variables. And it is just so easy to sync your secrets along with all other data and send them each and every colleague in your organisation who is using Postman by a simple misclick.

While looking for a way to secure my secrets, I have come across this GitHub issue:

I would like to raise attention to this issue here, among Postman users, and I hope that for some of you reading this post this feature is as valuable as it is for me and I hope you could put a β€˜Thumbs Up’ on this issue to reflect that.

Wish you all the best! Stay safe!

1 Like
2

Hello @hex_dec,

You requested, and we did it :smiley:. We appreciated your suggestion and patience. Now, everyone can store the variables more securely using secret variable type. Here are few resources, which can help you understand secret variables in detailed manner :

  1. Blog : Secret variable.
  2. Learning center
  3. GitHub issue details.

Screenshot 2022-02-12 at 7.07.31 PM
Screenshot 2022-02-12 at 7.07.31 PM1672Γ—1440 417 KB

Cheers :shield:

2 Likes
3

With V11 of Postman, we have introduced the Postman Vault (Store secrets in your Postman Vault | Postman Learning Center), which allows you to store your sensitive data in an encrypted local vault that is not synced with the Postman Cloud. Also, we have added multiple security features to help prevent accidental exposure of your API credentials.