Integrate Postman Vault with Azure Key Vault

Postman Vault integrations are available on Postman Enterprise plans with the Advanced Security Administration add-on.

Azure Key Vault enables you to store sensitive data in a vault that's external from your Postman Vault. Once your Postman Vault is integrated with Azure Key Vault, you can link vault secrets with sensitive data stored in Azure Key Vault, and retrieve them when you send HTTP requests.

You can create Postman Vault integrations from the Postman desktop app.

Learn more about Postman Vault integrations.

About the Azure Key Vault integration

When setting up an integration with Azure Key Vault, you need to authenticate with your Microsoft Azure account. Then you can link vault secrets with Azure Key Vault using the secret identifier for each secret.

You can follow the steps to create a secret from Azure Key Vault. You can also follow the steps to retrieve a secret, enabling you to view the secret's identifier.

Postman recommends using an Azure Key Vault firewall to allowlist your static IP addresses. This enables you to retrieve secrets stored in your Azure Key Vault from your local instance of Postman.

Integrate with Azure Key Vault

When you create the integration, authorize Postman to access and retrieve secrets from Azure Key Vault.

Postman uses the OAuth 2.0 authorization code flow with Proof Key for Code Exchange (PKCE) to authenticate with Azure, which retrieves an access token. The access token is generated using the https://vault.azure.net/user_impersonation scope, and it's valid in Postman for 1 day.

You'll need to reauthenticate with Azure each time you open Postman, or when your access token expires in Postman.

To integrate with Azure Key Vault and authenticate with your Azure account, do the following:

  1. Open your Postman Vault.

  2. If you haven't created an integration with an external vault, select Vault icon Set up external vault in the top right of your Postman Vault. Otherwise, select Vault icon Use from existing vault. Then select Azure Key Vault.

    Optionally, you can select Settings icon Settings in the top right of your Postman Vault. Then select Connect next to Azure Key Vault.

    Your computer must be able to access your Microsoft Azure instance.

  3. You'll be prompted to authorize Postman to access your Microsoft Azure account. After you grant access, you can close the browser tab and return to Postman.

Link a vault secret's value with a secret stored in Azure Key Vault. This enables you to retrieve a secret stored in Azure Key Vault directly from your local instance of Postman. Once you link a vault secret's value, reference the vault secret in your local instance of Postman, and the secret is retrieved from Azure Key Vault when you send the HTTP request that references the vault secret.

Secrets retrieved from Azure Key Vault aren't stored in your local instance of Postman or the Postman cloud. Learn more about Postman Vault integrations.

Vault secrets are deleted from your Postman Vault after signing out of Postman. Your vault secrets can't be recovered with your vault key. When you sign in to Postman and open your Postman Vault, you can create the integration and link a vault secret's value.

Before you link a vault secret, make sure you have at least the Key Vault Secrets User role in Azure. This enables you to retrieve secrets stored in Azure Key Vault from your local instance of Postman.

To link a vault secret's value with Azure Key Vault, do the following:

  1. In Postman, enter a name for the vault secret, hover over the Value cell, then select Vault icon Link Vault.

    Link Azure value

    If you've already integrated with an external vault, you can link a secret from a different external vault provider. Select Add icon Add new vault, then select an external vault.

  2. Enter the Secret Identifier on the Link secret window. The secret identifier is the URI of the secret in Azure Key Vault. Learn more about identifiers in Azure Key Vault.

    https://<vault-name>.vault.azure.net/secrets/<secret-name>/<secret-version-id>

    The latest version of the secret will be used unless you include the version ID.

  3. Select Use.

Linked Azure secret

To view details about a secret you've linked from Azure Key Vault, select Setting icon Configure vault next to a secret.

Azure secret details

You can also use scripts to access vault secrets linked with Azure Key Vault. Postman doesn't support setting the value of vault secrets linked with external vaults.

Make sure you enable scripts to access your vault secrets. Otherwise, you'll receive an error in the Postman Console.

Next steps

After integrating Postman Vault with Azure Key Vault, you can reference vault secrets and manage your integrations:

Last modified: 2024/04/29

Postmanaut dancing. Illustration.