Postman Secret Scanner

The Postman Secret Scanner scans public workspaces and published documentation to detect exposed secrets on all Postman plans. It monitors the collections, global variables, environment variables, API specifications, and documentation in public workspaces. Secret Scanner helps safeguard your organization from potential threats and malicious users attempting to access any exposed secrets. It also scans the documentation your team has published, regardless of the type of workspace it's found in.

You can also set up Postman's integration for Slack to alert you in Slack if the Secret Scanner detects exposed secrets in your workspaces.

Benefits of Postman Secret Scanner

Secret Scanner helps protect your team's sensitive information from accidental exposure, no matter which Postman plan you're on. By scanning your team's resources, it ensures that your data stays secure.

For Enterprise plans with the Advanced Security Administration add-on, Secret Scanner also delivers results for public workspace, internal workspace, and Partner Workspace scans in Secret Scanner dashboard. It also includes access to reporting and analytics on exposed secrets in Team and Public workspaces.

To learn more, see How the Postman Secret Scanner works.

Manage your secrets with the Secret Scanner dashboard

The Secret Scanner dashboard enables Team Admins and Super Admins review and manage your team's detected secrets and view reports. It also lets your team customize and manage secret patterns that best fit your team's specific needs.

To learn more, see The Secret Scanner dashboard. For information about Secret Scanner patterns, see Secret Scanner patterns.

Manage Secret Scanner findings with the Postman API

The Secret Scanner Postman API endpoints are available with the Postman Enterprise plan with the Advanced Security Administration add-on.

Team Admins, Super Admins, and Workspace Admins can access Secret Scanner findings through the Postman API. Using the Postman API enables you to create custom automated workflows to retrieve and resolve identified secrets. To learn more, see the Postman API documentation.

Last modified: 2025/08/13

Postmanaut Cooper jumping over crystal ball. Illustration.

Additional resources

Explore ready-to-use Collection Templates, build API-first workflows with Postman Flows, and more!

Collection Templates

Integration testing
REST API basics
API documentation
Authorization methods

Flows Templates

Add HubSpot contacts to Mailchimp lists
Create Airtable records from new deals in HubSpot
Create or update HubSpot contacts from customers on Stripe
Search Zendesk for tickets with Tag using Create with AI

Popular videos

Postman Flows: Build API Applications Visually
Streamline LLM Integration with Postman's AI Protocol
API Basics: What is an API and How Does It Work?