Integrate Postman Vault with Azure Key Vault
Azure Key Vault enables you to store sensitive data in a vault that's external from your Postman Vault. Once your Postman Vault is integrated with Azure Key Vault, you can link vault secrets with sensitive data stored in Azure Key Vault, and retrieve them when you send HTTP requests.
You can create Postman Vault integrations from the Postman desktop app.
Learn more about Postman Vault integrations.
About the Azure Key Vault integration
When setting up an integration with Azure Key Vault, you need to authenticate with your Microsoft Azure account. Then you can link vault secrets with Azure Key Vault using the secret identifier for each secret.
You can follow the steps to create a secret from Azure Key Vault. You can also follow the steps to retrieve a secret, enabling you to view the secret's identifier.
Postman recommends using an Azure Key Vault firewall to allowlist your static IP addresses. This enables you to retrieve secrets stored in your Azure Key Vault from your local instance of Postman.
Integrate with Azure Key Vault
When you create the integration, authorize Postman to access and retrieve secrets from Azure Key Vault.
Postman uses the OAuth 2.0 authorization code flow with Proof Key for Code Exchange (PKCE) to authenticate with Azure, which retrieves an access token. The access token is generated using the https://vault.azure.net/user_impersonation scope, and it's valid in Postman for 1 day.
You'll need to reauthenticate with Azure each time you sign in to Postman, or when your access token expires in Postman.
To integrate with Azure Key Vault and authenticate with your Azure account, do the following:
-
Open your Postman Vault, then select
Settings. Optionally, you can create the integration when you add a vault secret. -
Select Connect next to Azure Key Vault.
Your computer must be able to access your Microsoft Azure instance.
-
You'll be prompted to authorize Postman to access your Microsoft Azure account. After you grant access, you can close the browser tab and return to Postman.
Link vault secrets with Azure Key Vault
Link a vault secret's value with a secret stored in Azure Key Vault. This enables you to retrieve a secret stored in Azure Key Vault directly from your local instance of Postman. Once you link a vault secret's value, reference the vault secret in your local instance of Postman, and the secret is retrieved from Azure Key Vault when you send the HTTP request that references the vault secret.
Secrets retrieved from Azure Key Vault aren't stored in your local instance of Postman or the Postman cloud. Learn more about Postman Vault integrations.
Before you link a vault secret, make sure you have at least the Azure Vault Reader role in Azure. This enables you to retrieve secrets stored in Azure Key Vault from your local instance of Postman.
To link a vault secret's value with Azure Key Vault, do the following:
-
In Postman, enter a name for the vault secret, hover over the Value cell, then select the vault integration icon
.
If you've already integrated with an external vault, you can link a secret from a different external vault provider. Select the change external vault icon
, then select an external vault. -
Enter the Secret Identifier on the Link secret window. The secret identifier is the URI of the secret in Azure Key Vault. Learn more about identifiers in Azure Key Vault.
https://<vault-name>.vault.azure.net/secrets/<secret-name>/<secret-version-id>The latest version of the secret will be used unless you include the version ID.
-
Select Use.
To view details about a secret you've linked from Azure Key Vault, select the vault integration icon next to a secret.
Next steps
After integrating Postman Vault with Azure Key Vault, you can reference vault secrets and manage your integrations:
- To learn how to reference vault secrets in your local instance of Postman, see Use vault secrets.
- To learn how to troubleshoot unresolved vault secrets, see Troubleshoot vault secrets.
- To learn how to manage your integrations, see Manage Postman Vault integrations.
Last modified: 2024/04/29
