Create and manage vault secrets in Postman Vault


Manage vault secrets in your Postman Vault to securely store and control access to sensitive data, such as API keys and tokens. Vault secrets include a key name, value, and optional allowed domains that determine where they can be used.

You can add vault secrets to your Postman Local Vault or Postman Shared Vault, use them in requests, and update or remove them as needed.

Add vault secrets

Add sensitive data, such as API keys and passwords, to your Postman Vault to securely store and reuse it. Vault secrets are encrypted using Advanced Encryption Standard (AES) with a 256-bit key length. Choose the vault type where you want to store it (Postman Local Vault or Postman Shared Vault), then enter the secret details. Only internal workspaces and Partner Workspaces can have a shared vault.

To add a vault secret, do the following:

  1. Choose the vault type where you want to store the secret.

  2. Enter the following values in an empty row:

    • Key — The name of the vault secret. Use this name to reference the secret.

    • Value — The sensitive data used when sending requests.

    • Allowed domains — A comma-separated list of domains and subdomains where the vault secret can be used. This helps prevent unintentional disclosure of sensitive data. By default, vault secrets can be used in requests to any domain. If you specify allowed domains, the secret can only be used at the request level for those domains.

      To allow sending requests to any subdomain of an allowed domain, use * to represent any subdomain. For example, add *.example.com to allow sending requests to any subdomain of example.com.
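The allowed-domains check described above, as an added example that is not Postman's code. It assumes that `*.example.com` covers subdomains at any depth but not `example.com` itself, and that an unparseable URL is refused; the function names and sample URLs are constructed for illustration.

```javascript
// Added illustration, NOT Postman's implementation. Assumed semantics:
//  - entries are comma-separated hostnames, compared case-insensitively
//  - "*.example.com" matches any subdomain depth, but not the apex
//  - an empty list means "any domain" (the default described above)

function parseAllowedDomains(list) {
  return list
    .split(",")
    .map((d) => d.trim().toLowerCase())
    .filter((d) => d.length > 0);
}

function hostMatches(host, pattern) {
  if (pattern.startsWith("*.")) {
    const suffix = pattern.slice(1); // e.g. ".example.com"
    // Matching on the dot-prefixed suffix enforces a label boundary, so
    // "xexample.com" and "example.com.other.test" do not match.
    return host.length > suffix.length && host.endsWith(suffix);
  }
  return host === pattern;
}

function secretAllowedFor(requestUrl, allowedDomains) {
  const patterns = parseAllowedDomains(allowedDomains);
  if (patterns.length === 0) return true; // no restriction configured
  let host;
  try {
    // Compare the parsed hostname, never a substring of the raw URL:
    // userinfo ("user@host") and paths can contain an allowed name.
    host = new URL(requestUrl).hostname.toLowerCase();
  } catch {
    return false; // unparseable URL: fail closed
  }
  return patterns.some((p) => hostMatches(host, p));
}

// Constructed sample list and request URLs.
const ALLOWED = "api.example.com, *.internal.example.com";
const SAMPLE_URLS = [
  "https://api.example.com/v1/users",
  "https://a.b.internal.example.com/health",
  "https://internal.example.com/",
  "https://xinternal.example.com/",
  "https://api.example.com.other.test/",
  "https://api.example.com@other.test/",
];
for (const url of SAMPLE_URLS) {
  console.log(secretAllowedFor(url, ALLOWED) ? "allow" : "block", url);
}
```

Only the first two sample URLs resolve to an allowed host; the rest are lookalikes that a substring or prefix comparison would wrongly accept.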

After you add a vault secret, you can use it in your requests by setting it as the value of a secure variable. Learn more about using vault secrets in Postman.

The following additional options for adding vault secrets are available for your Postman Local Vault only:

  • Create an integration — Connect your local vault with an external vault provider, such as Azure Key Vault, to link and reuse managed secrets. Postman Vault integrations are available on Postman Enterprise plans with the Advanced Security Administration add-on. Learn more about Postman Vault integrations.
  • Set existing data as a vault secret — Select data in a request and save it as a vault secret.
  • Set vault secrets in scripts — Use the pm.vault.set() method to create vault secrets.

Set data as a vault secret

You can save values from a request as vault secrets in your local vault. This is useful when you receive sensitive data in a response or have existing data in your request that you want to secure as a vault secret.

To save data from a request as a vault secret, do the following:

  1. Select the value you want to store, such as in the URL builder or Params tab.
  2. Right-click the selected value and select Set as variable.
  3. Click Set as new variable.
  4. Enter a name for the vault secret, confirm the value, and select Vault as the scope.
  5. Click Set Variable.

To save authorization credentials as a vault secret, do the following:

  1. Click the Authorization tab.
  2. Select an authorization type.
  3. Enter a value in a field that holds sensitive data (such as a password or token).
  4. Hover over Sensitive value, then click Set as Variable.
  5. Enter a name for the vault secret.
  6. Select Local Vault.

Set vault secrets in scripts

You can set vault secrets in your local vault from your scripts using the pm.vault object. Use pm.vault.set() to create or update vault secrets at runtime.

The pm.vault methods are asynchronous and return a Promise. Use the await operator to ensure the value is resolved before using it in your script.

await pm.vault.set("postman-api-key", "my-secret-value");

Before you can use pm.vault methods in scripts, you must enable support and grant access to your vault secrets. Learn how to enable support for vault secrets in scripts and manage access.

Edit vault secrets

You can edit vault secrets in your Postman Vault by updating their values, names, and allowed domains. You can also update vault secret values directly from requests that reference them.

To edit vault secrets, open your Postman Vault and use the following options:

  • Filter secrets — Enter text in the Filter secrets box to find secrets by name.
  • Sort secrets — Click a column header to sort the list in ascending or descending order.
  • Add a secret — Click Add new secret in the bottom row of the table.
  • Edit key or value — Click the key or value cell to update it.
  • Edit allowed domains — Click the allowed domains cell to update the list.
  • Make a secret unavailable — Clear the checkbox next to a secret to make it unavailable. References to the secret are unresolved until you select the checkbox again.
  • Delete a secret — Hover over a secret and click Delete.
  • Update external vault link — To link a different secret from an external vault, click Configure vault, then click Edit.