Sensitive data in environment variables

Hi, in my team we are starting to use Postman to share collections of APIs.
The Team workspace works well but we have an issue: in our environment variables there are a user and password to log in to the environment, and these are “per user”.
What happens right now is that the value of these variables is shared inside the team.
How can we share environments while keeping some variables private?

Hi @stefano-introini, Welcome to the community!

You may have actual values stored as current values that will be specific to the user and will not be shared across.

Have the initial values as dummy values in environment variables. In this case users have to update only the current value and use it in their requests.

Hope this helps :relaxed:

https://learning.postman.com/docs/sending-requests/managing-environments/#:~:text=The%20Initial%20Value%20is%20synced,you%20choose%20to%20persist%20it.

1 Like
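An added example (not from the posts in this thread and not Postman's own code): a Node.js check that can be run over an environment JSON before it is shared, flagging credential-named variables whose stored value is not a dummy. The file shape `values: [{ key, value, type }]`, the key-name patterns and the list of accepted dummy values are assumptions; the sample environment is constructed.

```javascript
// Assumed environment file shape: { name, values: [{ key, value, type, enabled }] }.
// Keys that usually hold per-user credentials (assumed naming patterns).
const CREDENTIAL_KEY = /(user|login|pass|pwd|secret|token|api[-_]?key)/i;
// Subset of those that should also be typed "secret" so the value is masked.
const SECRET_KEY = /(pass|pwd|secret|token|api[-_]?key)/i;
// Accepted dummies: empty, <placeholder>, {{reference}}, or obvious filler.
const PLACEHOLDER = /^(?:<[^<>]*>|\{\{[^{}]+\}\}|changeme|dummy|placeholder|x+|\*+)?$/i;

function auditEnvironment(env) {
  const findings = [];
  // Disabled variables are still part of the file, so they are audited too.
  for (const v of env.values || []) {
    if (!CREDENTIAL_KEY.test(v.key)) continue;
    const value = String(v.value ?? "").trim();
    if (!PLACEHOLDER.test(value)) {
      findings.push({ key: v.key, issue: "real-looking value in shared field" });
    } else if (SECRET_KEY.test(v.key) && v.type !== "secret") {
      findings.push({ key: v.key, issue: "not typed as secret" });
    }
  }
  return findings;
}

// Constructed sample, not taken from a real workspace.
const sampleExport = {
  name: "staging (constructed sample)",
  values: [
    { key: "base_url", value: "https://api.staging.example.test", type: "default", enabled: true },
    { key: "username", value: "<your-username>", type: "default", enabled: true },
    { key: "password", value: "S3cr3t-Pa55!", type: "secret", enabled: true },
    { key: "api_token", value: "", type: "default", enabled: true },
  ],
};

for (const f of auditEnvironment(sampleExport)) {
  console.log(`${sampleExport.name}: ${f.key}: ${f.issue}`);
}
```
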

Hi @stefano-introini – this is a great question and one we’ve been actively working to address as part of our broader security efforts.

In addition to using dummy values in shared environments (as Pranav suggested), we’ve recently rolled out enhanced built-in protections to help keep sensitive data out of shared spaces and public collections:

  • Postman Local Vault – Store secrets securely on your machine only; they never sync to the cloud or become accessible to teammates.

  • Automatic Secret Scanning – Proactively scans your workspaces, documentation, and even GitHub/GitLab repos for exposed credentials, alerting you immediately if something sensitive is detected.

  • Variable Masking – Prevents secrets from being visible during screen shares or demos.

  • Pre-publish Checks – Before any collection becomes public, Postman will scan and redact sensitive values like API tokens, passwords, or keys.

For anyone collaborating in Postman—whether on the Free plan or Enterprise—these measures help ensure that your workflows are both productive and secure from the start.

You can read more about these capabilities and our secure-by-design approach in this blog post from our Head of Security, Sam Chehab: Postman (Free) is secure by design

Hope this helps you and your team work more confidently!