Store secrets in your Postman Vault

Postman Vault enables you to store sensitive data as vault secrets in your local instance of Postman. This enables you to securely reuse sensitive data in your HTTP collections and requests. Only you can access and use values associated with your vault secrets, and they aren't synced to the Postman cloud.

Add secrets to Postman Vault

Access your Postman Vault

You can access your Postman Vault from the Postman desktop app or the Postman web app. To access your Postman Vault, open a workspace, then select Vault from the Postman footer. You can also press Control+Shift+V or Ctrl+Shift+V to access your Postman Vault.

Learn about Postman Vault features that require the Postman desktop app.

You can open your Postman Vault as follows:

  • If this is your first time opening your Postman Vault, Postman will generate your vault key, and you can follow the steps to store your vault key.

  • If Postman already generated your vault key, enter your vault key and select Open Vault.

    If you stored your vault key in your system's password manager, Postman automatically gets your vault key. You must use the Postman Desktop Agent if you're using the Postman web app so Postman can get your vault key.

Once you've opened your Postman Vault, you can add sensitive data as vault secrets in your Postman Vault. Then you can reference them in your HTTP collections, requests, and more.

About vault secrets

Vault secrets are sensitive data, such as API keys and passwords, that you store in your Postman Vault and reuse in your local instance of Postman. Only you can access and reuse values associated with your vault secrets, and they aren't synced to the Postman cloud. Your vault secrets are also encrypted using Advanced Encryption Standard (AES) with a 256-bit key length.

Collaborators can see references to your vault secrets, such as {{vault:postman-api-key}}, in shared workspaces, enabling secure collaboration between teammates. API consumers can also see references to your vault secrets in public workspaces, enabling you to show an example of a secret. Collaborators and API consumers can add each vault secret to their Postman Vault with their own value.

If you're on an Enterprise plan with the Advanced Security Administration add-on, you can link vault secrets with sensitive data stored in an external vault, such as Azure Key Vault. Learn more about Postman Vault integrations.

Other options for storing and reusing values

You can use variables to store and reuse the same value, such as URLs, in multiple places. Variables can be shared with collaborators. While Postman Vault is highly recommended for storing sensitive data, you can use the following options to store sensitive data in variables:

  • You can add sensitive data as only the current value of a variable. This means the value is local to your instance of Postman and it isn't synced to the Postman cloud. Note that you can choose to persist a variable, which syncs the current value to the Postman cloud and shares it with collaborators.

  • You can set the variable type as secret type in global and environment variables. This enables you to mask sensitive data in the initial and current values. Note that collaborators with access to the workspace can view a secret type variable's values. Also, collaborators with additional permissions can change the variable type, unmasking it for collaborators.
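Before you share a collection, you can check that its credentials are vault references such as {{vault:postman-api-key}} rather than literal values or ordinary variables. The following is an added example, not Postman's own code: it assumes a collection exported in the v2.1 JSON format, and the sample collection, header list, and auth parameter list are constructed for illustration.

```javascript
// Added example: audit an exported Postman collection (v2.1 JSON) for credentials stored outside the vault.
const VAULT_REF = /^\s*(?:\w+\s+)?\{\{vault:[^{}]+\}\}\s*$/; // also "Bearer {{vault:x}}"
const ANY_VAR = /\{\{[^{}]+\}\}/;
// Assumed, non-exhaustive lists of places where credentials usually sit.
const SENSITIVE_HEADER = /^(authorization|x-api-key|cookie)$/i;
const SECRET_AUTH_PARAMS = new Set(['token', 'password', 'value']);

function classify(value) {
  if (typeof value !== 'string' || value === '') return 'empty';
  if (VAULT_REF.test(value)) return 'vault';       // resolved locally, never synced
  if (ANY_VAR.test(value)) return 'variable';      // value may be synced or shared
  return 'literal';                                // visible to anyone with access
}

function auditCollection(collection) {
  const findings = [];
  const record = (path, where, value) => {
    const kind = classify(value);
    if (kind === 'literal' || kind === 'variable') findings.push({ request: path.join(' / '), where, kind });
  };
  const visit = (items, path) => {
    for (const item of items || []) {
      const here = [...path, item.name];
      if (Array.isArray(item.item)) { visit(item.item, here); continue; } // folder
      const req = typeof item.request === 'object' && item.request ? item.request : {};
      for (const h of req.header || []) {
        if (SENSITIVE_HEADER.test(h.key)) record(here, `header ${h.key}`, h.value);
      }
      const params = req.auth && req.auth[req.auth.type];
      for (const p of Array.isArray(params) ? params : []) {
        if (SECRET_AUTH_PARAMS.has(p.key)) record(here, `auth.${req.auth.type}.${p.key}`, p.value);
      }
    }
  };
  visit(collection.item, []);
  return findings;
}

// Constructed sample collection, not a real export.
const SAMPLE = { item: [
  { name: 'Users', item: [
    { name: 'List', request: { header: [{ key: 'X-API-Key', value: '{{vault:postman-api-key}}' }] } },
    { name: 'Create', request: { auth: { type: 'bearer',
      bearer: [{ key: 'token', value: 'CONSTRUCTED-LITERAL-TOKEN' }] } } },
  ] },
  { name: 'Health', request: { header: [{ key: 'Authorization', value: 'Bearer {{api_token}}' }] } },
] };

console.log(auditCollection(SAMPLE));
```

A "literal" finding is a credential stored in the collection itself; a "variable" finding is worth a second look because a variable's value can be persisted and shared, unlike a vault secret.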

Manage your vault key

Save your vault key to access your Postman Vault later. You can save your vault key in a secure location, and manually enter it each time you sign in to Postman. You can also store your vault key in your system's password manager, enabling Postman to automatically get your vault key each time you sign in.

Add, edit, and use vault secrets

Add vault secrets to your Postman Vault to reuse them in your local instance of Postman. Then you can reference vault secrets in your HTTP collections and requests, variables, and the Collection Runner.

You can also use Guided Auth to add vault secrets that have authentication credentials for public APIs. Reference vault secrets added using Guided Auth in your HTTP requests, and reuse your authentication credentials in new HTTP requests to the same public APIs.

The following shows some high-level differences between adding vault secrets without and with Guided Auth:

| Vault secrets | Vault secrets using Guided Auth |
| --- | --- |
| Stores any type of secret, such as API keys and passwords | Stores authentication credentials for public APIs in Postman |
| You can add vault secrets directly in Postman Vault | You must use Guided Auth to add vault secrets |
| Add vault secrets at any time | API publishers must set up Guided Auth for their public APIs |
| Postman doesn't suggest specific vault secrets | Postman suggests saved vault secrets for future requests to public APIs |
| Link vault secrets with external vaults | Can't link vault secrets with external vaults |

Postman Vault integrations

Postman Vault integrations are available on Postman Enterprise plans with the Advanced Security Administration add-on.

Postman Vault integrations enable you to link vault secrets with secrets stored in an external vault. You can then reference vault secrets in your local instance of Postman, and retrieve the value of secrets stored in external vaults when you send HTTP requests. You can also manage and update your Postman Vault integrations.

Postman supports the following Postman Vault integrations:

Feature availability

The following features require the Postman desktop app:

  • Open Postman Vault from public workspaces - You must use the Postman desktop app to open your Postman Vault from a public workspace, and reference vault secrets in a public workspace. If you're using the Postman web app and open your Postman Vault from a public workspace, you must add new vault secrets to it.

  • Preserve vault secrets when you join or leave a team - You must use the Postman desktop app to preserve your encrypted vault secrets after you join a new team or leave a team. If you're using the Postman web app, vault secrets won't be available from your Postman Vault when you join a new team or leave a team. In that case, you can add new vault secrets from the team you joined or from a team you rejoined.

  • Create and manage Postman Vault integrations (Enterprise teams only) - You must use the Postman desktop app to create and manage Postman Vault integrations. If you're using the Postman web app, Postman Vault integrations won't be available.

Troubleshoot vault secrets

If your vault secrets are unresolved, learn how to fix unresolved vault secrets.

Last modified: 2024/04/29