Store secrets in your Postman Vault

Postman Vault enables you to store sensitive data as vault secrets in your local instance of Postman. This enables you to securely reuse sensitive data in your HTTP collections and requests. Only you can access and use your vault secrets, and vault secrets aren't synced to the Postman cloud.

When you first open your Postman Vault, Postman generates a vault key that enables you to access your Postman Vault later. Once you store your vault key in a secure location, you can add sensitive data as vault secrets in your Postman Vault. Then you can reference your vault secrets in your HTTP collections, requests, and more.

You can use your Postman Vault from the Postman desktop app or the Postman web app. Learn about Postman Vault features that require the Postman desktop app.

About vault secrets

Vault secrets are sensitive data, such as API keys and passwords, that you store in your Postman Vault and reuse in your local instance of Postman. Only you can access and reuse your encrypted vault secrets in your local instance of Postman, and they aren't synced to the Postman cloud. Your vault secrets are encrypted using Advanced Encryption Standard (AES) with a 256-bit key length.

Vault secrets are useful when:

  • You're using the same sensitive data in multiple places throughout your workspaces.
  • You don't want your sensitive data synced to the Postman cloud.
  • You want to be the only user with access to your sensitive data.
  • You want to specify the domains and subdomains you're allowed to send your sensitive data to.
  • You want your sensitive data encrypted.
  • You want to link vault secrets with sensitive data stored in an external vault, such as Azure Key Vault.

Compare vault secrets and variables

Both vault secrets and variables enable you to store and reference data in Postman. One may be a better fit than the other, depending on your use case or preferences.

Vault secrets enable you to store and reuse sensitive data only in your local instance of Postman, and they aren't synced to the Postman cloud. This enables you to keep your sensitive data hidden from collaborators, and prevent collaborators from using your vault secrets. Vault secrets are masked by default, and only you can unmask them. Your sensitive data is also encrypted in your Postman Vault.

Variables enable you to store and reuse the same value, such as URLs, in multiple places. The following are some options for storing data in variables:

  • You can add data as the current value of a variable. This means the value is local to your instance of Postman and it isn't synced to the Postman cloud. You can choose to persist a variable, which syncs the current value to the Postman cloud and shares it with collaborators.

  • You can set the variable type as secret type in global and environment variables. This enables you to mask sensitive data in the initial and current values. Collaborators with access to the workspace can view a secret type variable's values. Also, collaborators with additional permissions can change the variable type, unmasking it for collaborators.
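The distinction above matters most for anything that leaves your machine, such as an exported or shared collection. The following added example (not Postman code) audits a collection file and reports credential fields that hold a literal value or an ordinary variable instead of a vault secret. It assumes vault secrets are referenced as `{{vault:secret-name}}` and that the file follows the Collection v2.1 layout; the header and auth key lists and the sample collection are constructed for illustration.

```javascript
// Added example, not Postman code. Assumes vault references look like
// {{vault:secret-name}} and the file follows the Collection v2.1 layout.
const SENSITIVE_HEADERS = new Set(["authorization", "proxy-authorization", "x-api-key"]);
const SENSITIVE_AUTH_KEYS = new Set(["token", "password", "value", "clientSecret", "accessToken"]);

// Classify a credential value as "vault", "variable" or "literal".
function classify(value) {
  const v = String(value).replace(/^\s*(Bearer|Basic|Token)\s+/i, "").trim();
  if (/^\{\{vault:[^{}]+\}\}$/.test(v)) return "vault";
  if (/^\{\{[^{}]+\}\}$/.test(v)) return "variable"; // may be synced or shared
  return "literal"; // stored in the collection itself
}

// Record every non-empty credential field that is not a vault reference.
function record(value, path, field, findings) {
  if (!value) return;
  const kind = classify(value);
  if (kind !== "vault") findings.push({ path, field, kind });
}

function checkAuth(auth, path, findings) {
  if (!auth || !Array.isArray(auth[auth.type])) return;
  for (const { key, value } of auth[auth.type]) {
    if (SENSITIVE_AUTH_KEYS.has(key)) record(value, path, `auth.${auth.type}.${key}`, findings);
  }
}

// Walk the collection, its folders and requests; auth can be set at any level.
function auditCollection(node, path = node.info?.name ?? "collection", findings = []) {
  checkAuth(node.auth, path, findings);
  const req = node.request;
  if (req && typeof req === "object") {
    checkAuth(req.auth, path, findings);
    for (const h of Array.isArray(req.header) ? req.header : []) {
      if (h.disabled || !SENSITIVE_HEADERS.has(String(h.key).toLowerCase())) continue;
      record(h.value, path, `header.${h.key}`, findings);
    }
  }
  for (const child of node.item ?? []) auditCollection(child, `${path} / ${child.name}`, findings);
  return findings;
}

// Constructed sample collection (not a real export).
const sample = { info: { name: "Billing API" }, item: [
  { name: "Invoices", item: [
    { name: "List", request: { header: [{ key: "Authorization", value: "Bearer {{vault:billing-token}}" }] } },
    { name: "Create", request: { header: [{ key: "X-API-Key", value: "constructed-literal-key-123" }] } } ] },
  { name: "Health", request: { auth: { type: "basic", basic: [
    { key: "username", value: "svc" }, { key: "password", value: "{{svc_password}}" }] } } } ] };
console.log(auditCollection(sample));
```

A "literal" finding is a credential stored in the collection itself; a "variable" finding is worth reviewing because a persisted or secret type variable can be visible to collaborators.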

Access your Postman Vault

To access your Postman Vault, open a workspace, then select Vault from the Postman footer. You can also use Control+Shift+V or Ctrl+Shift+V to access your Postman Vault.

You can open your vault secrets in Postman Vault as follows:

  • If this is your first time opening your Postman Vault, select Set Up Vault to get your vault key.

  • If Postman already generated your vault key, enter your vault key then select Open Vault. Then you can continue to add, edit, and use your vault secrets in Postman.

    If you stored your vault key in your system's password manager, Postman automatically gets your vault key. If you're using the Postman web app, you must use the Postman Desktop Agent so Postman can get your vault key.

Learn about Postman Vault features that require the Postman desktop app.

Manage your vault key

Save your vault key to access your Postman Vault later. You can save your vault key in a secure location, and manually enter it each time you sign in to Postman. You can also store your vault key in your system's password manager, enabling Postman to automatically get your vault key each time you sign in.

Add, edit, and use vault secrets

Add vault secrets to your Postman Vault to reuse them in your local instance of Postman. Then you can reference vault secrets in your HTTP collections and requests, variables, and the Collection Runner.

You can also use Guided Auth to add vault secrets that have authentication credentials for public APIs. Reference vault secrets added using Guided Auth in your HTTP requests, and reuse your authentication credentials in new HTTP requests to the same public APIs.

The following shows some high-level differences between adding vault secrets without and with Guided Auth:

| Vault secrets | Vault secrets using Guided Auth |
| --- | --- |
| Stores any type of secret, such as API keys and passwords | Stores authentication credentials for public APIs in Postman |
| You can add vault secrets directly in Postman Vault | You must use Guided Auth to add vault secrets |
| Add vault secrets at any time | API publishers must set up Guided Auth for their public APIs |
| Postman doesn't suggest specific vault secrets | Postman suggests saved vault secrets for future requests to public APIs |
| Link vault secrets with external vaults | Can't link vault secrets with external vaults |

Postman Vault integrations

Postman Vault integrations are available on Postman Enterprise plans with the Advanced Security Administration add-on.

Postman Vault integrations enable you to link vault secrets with secrets stored in an external vault. You can then reference vault secrets in your local instance of Postman, and retrieve the value of secrets stored in external vaults when you send HTTP requests. You can also manage and update your Postman Vault integrations.

Postman supports the following Postman Vault integrations:

Feature availability

The following features require the Postman desktop app:

  • Open Postman Vault from public workspaces - You must use the Postman desktop app to open your Postman Vault from a public workspace, and reference vault secrets in a public workspace. If you're using the Postman web app and you open your Postman Vault from a public workspace, you must add new vault secrets to your Postman Vault.

  • Preserve vault secrets when you join or leave a team - You must use the Postman desktop app to preserve your encrypted vault secrets after you join a new team or leave a team. If you're using the Postman web app, vault secrets won't be available from your Postman Vault when you join a new team or leave a team. If you're using the Postman web app, you can then add new vault secrets to the team you joined from, or a team you rejoined.

  • Create and manage Postman Vault integrations (Enterprise teams only) - You must use the Postman desktop app to create and manage Postman Vault integrations. If you're using the Postman web app, Postman Vault integrations won't be available.

Troubleshoot vault secrets

If your vault secrets are unresolved, learn how to fix unresolved vault secrets.

Last modified: 2024/04/29