The Postman Secret Scanner scans public workspaces and published documentation to detect exposed secrets on all Postman plans. It monitors the collections, global variables, environment variables, and documentation in public workspaces. Secret Scanner helps safeguard your organization from potential threats and malicious users attempting to access any exposed secrets. It also scans the documentation your team has published, regardless of the type of workspace it’s found in.
You can also set up Postman’s integration for Slack to alert you in Slack if the Secret Scanner detects exposed secrets in your workspaces.
Secret Scanner helps protect your team’s sensitive information from accidental exposure, no matter which Postman plan you’re on. By scanning your team’s resources, it ensures that your data stays secure.
For Enterprise plans with the Advanced Security Administration add-on, Secret Scanner also delivers results for public workspace, internal workspace, and Partner Workspace scans in Secret Scanner dashboard. It also includes access to reporting and analytics on exposed secrets in Team and Public workspaces.
To learn more, see How the Postman Secret Scanner works.
The Secret Scanner dashboard enables Admins and Super Admins review and manage your team’s detected secrets and view reports. It also lets your team customize and manage secret patterns that best fit your team’s specific needs.
To learn more, see The Secret Scanner dashboard. For information about Secret Scanner patterns, see Secret Scanner patterns.
The Secret Scanner Postman API endpoints are available with the Postman Enterprise plan with the Advanced Security Administration add-on.
Admins, Super Admins, and Workspace Admins can access Secret Scanner findings through the Postman API. Using the Postman API enables you to create custom automated workflows to retrieve and resolve identified secrets. To learn more, see the Postman API documentation.