I’m working in an environment where I can’t install Postman Desktop, so I’m using the Web version instead. I’m at a point where I want to share my collection with others. Obviously, I don’t want to share the API key I’m using, so it seems to make sense that I’d store it as a vault variable. Web Postman has allowed me to set up a vault, I’ve saved the generated vault key, created my first variable in the vault, and used it in a request parameter - everything seems to be working perfectly as described in the documentation.
Only when I send the request, the {{vault:api-key}} placeholder does not get replaced. There are no errors reported, except from the server I’m calling, of course.
I found Vault secret not resolving, which says Vault only works with the Desktop or Browser agents. I’m not sure which agent auto-select is giving me, but I guess it must be Cloud.
I can’t install Desktop and the Browser Agent seems to fall foul of a CORS limitation for the request I’m trying to make, but I think I’ve found a work-around. By creating just a regular variable at the Collection level, I can set its shared initial value to some placeholder text, and set its current value to my API key, which I understand isn’t shared with others. It may not be as secure is putting it in the vault, but it meets my need of not sharing my key.
It would be great if Vault could be made to work better with Web Postman, but assuming it can’t, the next best thing would be for this issue to be better signposted in the docs and the UI. I did eventually see a warning in the UI telling me to use Desktop, but only after I’d been scratching my head for a while.
Keep up the good work!