postman-app-support icon indicating copy to clipboard operation
postman-app-support copied to clipboard

Published 20 hours ago verified publisher icon postmanlabs

Have "Secret" tagged environment variables NOT sync'd on Postman Cloud

Open johns1uphealth opened this issue 3 years ago • 3 comments
trafficstars

Is there an existing request for this feature?

  • [X] I have searched the existing issues for this feature request

Is your feature request related to a problem?

When using the "Secret" feature to protect user credentials and other private values it seems like these values are still sync'd to the Postman Cloud. Is it possible to have any variables marked as "Secret" not sync'd to the Cloud, regardless if the values are in the "INITIAL VALUE" column or not?

Describe the solution you'd like

To not sync environment variables marked as "Secret", regardless if a value is in the "INITIAL VALUE" column or not.

Describe alternatives you've considered

The alternative depends on all users remembering to not put secret info like credentials and such in the INITIAL VALUE column. This is OK but prone to human error.

Additional context

You could say this is a security issue because these "Secret" values are now exposed to the (PM) Cloud and could be accessible to any PM engineer or anyone who compromised the Postman Cloud security. (not likely but possible but for health information this is or could be a HIPAA violation.)

johns1uphealth avatar Mar 18 '22 18:03 johns1uphealth

I'm very interested in this feature.

+1 for adding it

mateuszjanczak avatar Nov 17 '22 13:11 mateuszjanczak

I switched to Insomnia.rest for this very reason after having used Postman extensively.

rolfmadsen avatar Feb 21 '24 05:02 rolfmadsen

+1 for this feature request, some of my teammates have expressed interest too

lizjackson-toast avatar Apr 29 '24 13:04 lizjackson-toast