***
title: Integrate Postman Vault with AWS Secrets Manager
updated: 2026-01-12T00:00:00.000Z
topictype: tutorial
max-toc-depth: 2
----------------
**[Postman Vault integrations are available with Postman Enterprise plans with the Advanced Security Administration add-on.](https://www.postman.com/pricing/)**
[AWS Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/managing-secrets.html) enables you to store sensitive data in a vault that's external from your [Postman Vault](/docs/sending-requests/postman-vault/postman-vault-secrets/). Once you create the [integration](/docs/sending-requests/postman-vault/postman-vault-integrations/) with AWS Secrets Manager, you can link vault secrets with sensitive data stored in AWS Secrets Manager, and retrieve them when you send HTTP requests.
You can create Postman Vault integrations from the [Postman desktop app](/docs/getting-started/installation/installation-and-updates/).
{/* vale postman-style-guide.Headings = NO */}
{/* "AWS Secrets Manager" is written in title case */}
## About the AWS Secrets Manager integration
{/* vale postman-style-guide.Headings = YES */}
When setting up an integration with AWS Secrets Manager, [authenticate with your AWS account](#integrate-with-aws-secrets-manager) and select the security credentials type you'd like to use: long-lived or temporary. Enter the access key pair (access key ID and secret access key), session token, region, and multi-factor authentication (MFA) token for your AWS account. Then [link vault secrets with AWS Secrets Manager](#link-vault-secrets-with-aws-secrets-manager) using the secret Amazon Resource Name (ARN), role ARN, and version for each secret.
Postman uses your access key pair to authenticate with AWS. The key pair is valid in Postman for two hours if using long-lived security credentials. The key pair is valid for a specified period of time if using temporary security credentials.
{/* vale Vale.Terms = NO */}
{/* "Plaintext" is the name of a UI element. */}
You can follow the steps to [create a secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/create_secret.html), [find a secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html), and [retrieve a secret](https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html) from AWS Secrets Manager. To view a secret's details, including the secret ARN, open the **Secrets Manager console** then click the secret's name.
By default, Postman retrieves the value that's entered in the **Plaintext** tab in the **Secret Manager console**. Postman retrieves the value as it's entered in the **Plaintext** tab, so enter the secret's value in the format you want it returned in Postman. You can configure Postman to retrieve the value of a JSON key-value pair in the **Key/value** tab.
{/* vale Vale.Terms = YES */}
{/* vale postman-style-guide.Headings = NO */}
{/* "AWS Secrets Manager" is written in title case */}
## Integrate with AWS Secrets Manager
{/* vale postman-style-guide.Headings = YES */}
When you create the integration, authorize Postman to access and retrieve secrets from AWS Secrets Manager. Enter the access key pair (access key ID and secret access key), session token (if using temporary security credentials), region, and MFA token for your AWS account.
If your AWS account requires an MFA token to authenticate, make sure you have the [`iam:listMFADevices` permission](https://docs.aws.amazon.com/IAM/latest/APIReference/API_ListMFADevices.html) in the [identity-based policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_identity-vs-resource.html) associated with your AWS user. This enables Postman to check if your AWS account has MFA enabled, and then prompt you to enter your MFA token.
You'll need to [reauthenticate with AWS](/docs/sending-requests/postman-vault/manage-postman-vault-integrations/#reauthenticate-with-an-external-vault) each time you open Postman, or when your access key pair expires in Postman.
To integrate with AWS Secrets Manager and authenticate with your AWS account, do the following:
1. Open your Postman Vault.
2. If you haven't created an integration with an external vault, click 
**Set up external vault** in the upper right of your Postman Vault. Otherwise, click **Use from existing vault**. Then select **AWS Secrets Manager**. You're then prompted to authorize Postman to access your AWS account.
Optionally, you can click 
**Settings** in the upper right of your Postman Vault. From the **Settings** tab, click **Connect** next to **AWS Secrets Manager**.
{/* */}
Your computer must be able to access your Amazon Web Services instance, and your AWS account can't require a proxy server to access it.
1. Select the security **Credentials Type** to use when authenticating with AWS: long-lived or temporary security credentials. The security credential type determines the length of time the access key pair (access key ID and secret access key) is valid for in Postman. You'll need to reauthenticate with AWS when the key pair expires. Learn more about [AWS security credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/security-creds.html).
* **Long-lived** — Long-term security credentials that are valid for 2 hours in Postman.
* **Access Key** — Enter the [access key ID](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) for your AWS account.
* **Secret Key** — Enter the [secret access key](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) for your AWS account.
* **Region** — Enter the AWS [region](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions) where your account is located.
Optionally, you can [autofill each long-lived security credentials field](#autofill-authentication-credentials) using a credentials file.
* **Temporary** — Short-term security credentials that enable you to configure the length of time they're valid for. Learn more about [temporary security credentials in AWS](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
* [Request temporary security credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html), and enter them in Postman. You can request temporary security credentials using AWS Security Token Service (AWS STS) operations. An AWS Admin can also generate temporary credentials using their internal AWS portal. The credentials include the **Access Key**, **Secret Key**, and **Session Token**.
* **Region** — Enter the AWS [region](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions) where your account is located.
2. Click **Authenticate**.
3. If your AWS account requires [multi-factor authentication](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html), enter an **MFA Token**.
4. Click **Authenticate**.
{/* vale Vale.Terms = NO */}
{/* vale postman-style-guide.Headings = NO */}
{/* "Autofill" is the first word in the heading. */}
### Autofill authentication credentials
{/* vale Vale.Terms = YES */}
{/* vale postman-style-guide.Headings = NO */}
If you're using long-lived security credentials, you can autofill each field from the credentials file in your `home` directory. This enables Postman to automatically fill in the details required to authenticate with your AWS account.
To create the credentials file, [install the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html), then [configure the credentials file](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html) with your access key, secret key, and region. Postman checks the `.aws/credentials` file in your `home` directory, and checks the `main` and then `default` profiles (in that order) in your credentials file. You can learn more about the credentials [file format](https://docs.aws.amazon.com/sdkref/latest/guide/file-format.html) and [default location](https://docs.aws.amazon.com/sdkref/latest/guide/file-location.html) of the file in your `home` directory.
{/* vale Vale.Terms = NO */}
{/* "Autofill" is part of the name of a UI element. */}
To autofill long-lived security credentials in Postman, do the following:
1. Select the **Long-lived** credentials type in the **Authenticate AWS Secrets Manager** window.
2. Click one of the fields, such as **Access Key**.
3. Select 
**Autofill from config file**.
4. Complete the remaining steps to authenticate with your AWS account.
{/* vale Vale.Terms = YES */}
## Link vault secrets with AWS Secrets Manager
Link a vault secret's value with a secret stored in AWS Secrets Manager. This enables you to retrieve a secret stored in AWS Secrets Manager directly from Postman. Once you link a vault secret's value, [reference the vault secret](/docs/sending-requests/postman-vault/manage-vault-secrets/#use-vault-secrets) to retrieve it's value from AWS Secrets Manager when you send it with an HTTP request.
Vault secrets are deleted from your Postman Vault after signing out of Postman. Your vault secrets can't be recovered with your vault key. When you sign in to Postman and open your Postman Vault, you can [create the integration](#integrate-with-aws-secrets-manager) and link a vault secret's value.
{/* vale Vale.Terms = NO */}
{/* "Plaintext" is the name of a UI element. */}
By default, Postman retrieves the value as it's entered in the secret's **Plaintext** tab. Under **Advanced settings**, you can configure Postman to retrieve the value of a JSON key-value pair in the secret's **Key/value** tab.
{/* vale Vale.Terms = YES */}
Secrets retrieved from AWS Secrets Manager aren't stored in your local instance of Postman or the Postman cloud. Learn more about [Postman Vault integrations](/docs/sending-requests/postman-vault/postman-vault-integrations/#about-postman-vault-integrations).
Before you link a vault secret, make sure you have the [`secretsmanager:GetSecretValue` permission](https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html) in the identity-based policy associated with your AWS user. This enables you to retrieve secrets stored in AWS Secrets Manager from your Postman team.
To link a vault secret's value with AWS Secrets Manager, do the following:
1. In Postman, enter a name for the vault secret, hover over the **Value** cell, then click **Link Vault**.
If you've already integrated with an external vault, you can link a secret from a different external vault provider. Click 
**Add new vault**, then select an external vault.
2. Enter the following on the **Link secret** window:
* **Secret ARN** — Enter the unique [Amazon Resource Name (ARN)](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference-arns.html) that identifies the secret.
```txt
arn:aws:secretsmanager:::secret:-
```
* **Advanced settings**
* **Role ARN (Optional)** — The secret's [permissions policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html) might require you to assume a role with elevated permissions to access it. Enter the unique Amazon Resource Name (ARN) specifying the required role to temporarily assume it. Learn more about [assuming roles in AWS](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html).
Also, make sure you have the `iam:assumeRole` permission in the identity-based policy associated with your AWS user.
```txt
arn:aws:iam:::role/
```
* **Version (Optional)** — Enter the [version](https://docs.aws.amazon.com/secretsmanager/latest/userguide/whats-in-a-secret.html#term_version) of the secret. The current version of the secret will be used if a version isn't provided.
* **Secret Type** — Choose the value you'd like to retrieve:
{/* vale Vale.Terms = NO */}
{/* "Plaintext" is the name of a UI element. */}
* **Plaintext** — Select to retrieve the value that's stored in the secret's **Plaintext** tab in the **Secret Manager console**. Postman retrieves the value as it's entered in the tab.
{/* vale Vale.Terms = YES */}
* **Key/Value** — Select to retrieve a value that's stored as a JSON key-value pair in the secret's **Key/value** tab in the **Secret Manager console**. In Postman, enter the secret key for the value you want to retrieve.
1. Click **Use**.
To view details about a secret you've retrieved from AWS Secrets Manager, click **Configure vault** next to a secret.
You can also [use scripts to access vault secrets](/docs/tests-and-scripts/write-scripts/postman-sandbox-reference/pm-vault/) linked with AWS Secrets Manager. Postman doesn't support using scripts to set the value of vault secrets linked with external vaults. Make sure you enable scripts to access your vault secrets; otherwise, you'll receive an error in the Postman Console.
## Next steps
After integrating Postman Vault with AWS Secrets Manager, you can reference vault secrets and manage your integrations:
* To learn how to reference vault secrets in Postman, see [Use vault secrets](/docs/sending-requests/postman-vault/manage-vault-secrets/#use-vault-secrets).
* To learn how to troubleshoot vault secrets, see [Troubleshoot vault secrets](/docs/sending-requests/postman-vault/troubleshoot-vault-secrets/).
* To learn how to manage your integrations, see [Manage Postman Vault integrations](/docs/sending-requests/postman-vault/manage-postman-vault-integrations/).