Is there a way to programmatically Unshare any of the Shared environment variables? Our company wants to roll users back to 9.27, however, there’s vulnerability risks there as well.
I think no Postman doesn’t provide a direct API to “unshare” environment variables. You can only do it by updating the environment via API and clearing the variable’s shared value.
Hi Chris,
There isn’t a way to programmatically unshare environment variables in Postman right now. Sharing and unsharing has to be done manually in the UI.
If security is the concern, you might want to move sensitive values to local (unshared) variables and rotate any exposed credentials.
Hope that helps!
Hey @chris-tifer,
Welcome to the Postman Community! 
What’s the reasons for wanting you all to use an outdated and unsupported version? Are there parts of the current version that are preventing you from working within Postman?
Because Postman decided to store confidential information on their servers. However, some people were still using this version. So we either roll back or figure out some way to clear all these user’s shared variables.
This was a mess of a decision by Postman.
Unfortunately there’s no way to programmatically “unshare” variables right now it has to be done manually in the UI. If the concern is sensitive data being synced, the safest move would be to clear the shared (initial) values via the API and rotate any exposed credentials.
Rolling back to 9.27 might solve one problem but creates others since it’s unsupported.
Hope that helps a bit 
.
Appreciate your response. 
General syncing of data has been part of Postman for a very long time, spanning multiple major versions. It allows you to seamlessly collaborate with your Team, on the same Collections, in the same Workspaces.
We moved to a cloud only platform over 2 years ago and removed the Scratchpad from the platform, as mentioned here. There is still a local, offline client in the platform that can be accessed by signing out of your account but this has a limited set of capabilities.
In terms of the current version and the versions moving forward, we have made significant changes to prevent users from unintentionally sharing thier sensitive data in variables, by making these local by default. A user would need to explicitly share a variable in order for that to be synced and available to their teammates.
The UI also has the ability to individually or bulk unshare any variable that has been shared.
There are also additional explicit user confirmation prompts in place, in case a member of the team attempts to share a value that have been marked as sensitive.
As well as variables at the different scopes (Collection, Global, Environment), we also have the Postman Vault, this is your local only, encrypted data store. Sensitive data in your vault stays on your machine and can be used in your Collections using the {{vault:var_name}} syntax. This also has extra safe guards like limiting the value to only be used on specific domains or blocking the use of these value s in the scripting sandbox.
That all to do with variables but will have also recently introduced our Native Git feature.
With Postman’s file system support (Native Git), API iterations are authored and iterated locally in Git, alongside code, and intentionally not synced to Postman Cloud.
As this all centres around security concerns, we have all related information on our website and trust center. This will provide you and the team with all our security practices, audits, compliance certificates and FAQs.
If you have anymore specific concerns or questions that you need answering, please tag me directly and I will be here to help.
1 Like