my 30 days badge workspace is public
in day 2 I have learned:
DON’T LEAK YOUR SECRETS!
It’s very important to add sensitive values like an API key to the CURRENT VALUE (and not INITIAL VALUE) of your public workspace since initial values can be viewed publicly in a public workspace. Storing sensitive values only in CURRENT VALUE keeps your secrets private in a team or public workspace.
ok, when I come back for a session, the current values are gone:
Current values are restricted to your session within your Postman app. If you log out and log back into Postman, those values will be gone. The current value is never synced to your account or shared with your team—unless you choose to persist it.
https://blog.postman.com/how-to-use-api-keys/
but, persist would:
Persisting variable values will replace initial values with current values.
https://support.postman.com/hc/en-us/articles/4409005403031-How-to-persist-variable-values
so, how would the ideal workflow looks like?
every time I log in I have to paste into the secret(s) to the environment from an external key-store to hold it secure?
because, the API-Key for example is shown only once - when generating it …
perhaps it is obvious how to act.
thanks in advance for any help