Store secrets in your Postman Vault

Postman Vault enables you to store sensitive data as vault secrets in your local instance of Postman. This enables you to securely reuse sensitive data in your HTTP collections and requests. Only you can access and use values associated with your vault secrets, and they aren't synced to the Postman cloud.

Add secrets to Postman Vault

Access your Postman Vault

You can open your Postman Vault from the Postman desktop app or the Postman web app. To open your Postman Vault, open a workspace, then select Vault from the Postman footer. You can also select Control+Shift+V or Ctrl+Shift+V to open your Postman Vault.

The first time you open your Postman Vault, Postman generates your vault key. Save your vault key so you can open your Postman Vault when you sign in to Postman again later.

You'll need to enter your vault key each time you sign in to Postman to open your Postman Vault. You can enter your vault key in the following ways, depending on how you saved your vault key:

  • If you stored your vault key in your system's password manager, Postman will get your vault key and open your Postman Vault. If you're using the Postman web app, make sure you're using the Postman Desktop Agent so Postman can get your vault key.
  • If you chose not to store your vault key in your system's password manager, open your Postman Vault, manually enter your vault key, and select Open Vault.

Update to the latest version of the Postman Desktop Agent to receive recent changes and improvements in the Postman web app.

Vault secrets are deleted from your Postman Vault after you sign out of Postman. Your vault secrets can't be recovered with your vault key. When you sign in to Postman and open your Postman Vault, you can add vault secrets back to your Postman Vault.

Once you've opened your Postman Vault, you can add, edit, and use your vault secrets.

About vault secrets

Vault secrets are sensitive data, such as API keys and passwords, that you store in your Postman Vault and reuse in your local instance of Postman. Only you can access and reuse values associated with your vault secrets, and they aren't synced to the Postman cloud. Your vault secrets are also encrypted using Advanced Encryption Standard (AES) with a 256-bit key length.

Collaborators can see references to your vault secrets, such as {{vault:postman-api-key}}, in shared workspaces, enabling secure collaboration between teammates. API consumers can also see references to your vault secrets in public workspaces, enabling you to show an example of a secret. Collaborators and API consumers can add each vault secret to their Postman Vault with their own value.
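A check you can run on a collection export before sharing it, as an added example that is not from the Postman documentation: it reports credential fields that hold a literal value or a non-vault variable instead of a {{vault:...}} reference. The sample collection is constructed, and the Collection v2.1 field layout and the header and auth parameter name lists are assumptions.

```javascript
// Constructed sample shaped like a Postman Collection v2.1 export (not real data).
const sampleCollection = {
  item: [
    { name: "Vault reference",
      request: { method: "GET", url: "https://api.example.com/me",
        header: [{ key: "X-Api-Key", value: "{{vault:postman-api-key}}" }] } },
    { name: "Orders", item: [
      { name: "Hardcoded token",
        request: { method: "GET", url: "https://api.example.com/orders",
          auth: { type: "bearer", bearer: [{ key: "token", value: "constructed-literal-token" }] },
          header: [{ key: "Cookie", value: "sid={{session}}" }] } } ] },
  ],
};

// Assumed lists of credential-bearing header names and auth parameter names.
const SENSITIVE_HEADER = /^(authorization|proxy-authorization|x-api-key|cookie)$/i;
const SECRET_AUTH_PARAM = /^(token|password|value|secretKey|accessToken|clientSecret)$/;
const VAULT_REF = /\{\{vault:[^{}]+\}\}/;
const ANY_REF = /\{\{[^{}]+\}\}/;

// "vault" = {{vault:name}}, "variable" = other {{name}} (may be shared), "literal" = value in the file.
function classify(value) {
  if (VAULT_REF.test(value)) return "vault";
  return ANY_REF.test(value) ? "variable" : "literal";
}

// Walk folders recursively and report credential fields that don't resolve from the vault.
function auditCollection(collection) {
  const findings = [];
  const walk = (items, path) => {
    for (const it of items || []) {
      const here = [...path, it.name];
      if (Array.isArray(it.item)) walk(it.item, here); // folder: descend
      const req = it.request;
      if (!req || typeof req !== "object") continue; // folder, or request given as a bare URL
      const fields = (req.header || []).filter((h) => SENSITIVE_HEADER.test(h.key))
        .map((h) => [`header:${h.key}`, h.value]);
      const params = req.auth && req.auth[req.auth.type];
      for (const p of Array.isArray(params) ? params : []) {
        if (SECRET_AUTH_PARAM.test(p.key)) fields.push([`auth.${req.auth.type}.${p.key}`, p.value]);
      }
      for (const [field, value] of fields) {
        const kind = classify(value);
        if (value && kind !== "vault") findings.push({ request: here.join(" / "), field, kind });
      }
    }
  };
  walk(collection.item, []);
  return findings;
}
```

A "literal" finding is a credential stored in the collection itself; a "variable" finding is worth a second look because variables, unlike vault secrets, can be shared with collaborators.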

If you're on an Enterprise plan with the Advanced Security Administration add-on, you can link vault secrets with sensitive data stored in an external vault, such as Azure Key Vault. Learn more about Postman Vault integrations.

Learn about Postman Vault features that require the Postman desktop app.

Other options for storing and reusing values

You can use variables to store and reuse the same value, such as URLs, in multiple places. Variables can be shared with collaborators. While Postman Vault is highly recommended for storing sensitive data, you can use the following options to store sensitive data in variables:

  • You can add sensitive data as only the current value of a variable. This means the value is local to your instance of Postman and it isn't synced to the Postman cloud. Note that you can choose to persist a variable, which syncs the current value to the Postman cloud and shares it with collaborators.

  • You can set the variable type as secret type in global and environment variables. This enables you to mask sensitive data in the initial and current values. Note that collaborators with access to the workspace can view a secret type variable's values. Also, collaborators with additional permissions can change the variable type, unmasking it for collaborators.

Manage your vault key

Save your vault key to open your Postman Vault when you sign in to Postman. Save or download your vault key to a secure location. You can store your vault key in your system's password manager, enabling Postman to automatically get your vault key when you sign in to Postman. Otherwise, you must manually enter your vault key each time you sign in to Postman. Note that your vault key isn't synced to the Postman cloud. Learn how to save and manage your vault key.

If you stored your vault key in your system's password manager and you're using the Postman web app, use the Postman Desktop Agent so Postman can get your vault key.

Vault secrets are deleted from your Postman Vault after you sign out of Postman. Your vault secrets can't be recovered with your vault key. When you sign in to Postman and open your Postman Vault, you can add vault secrets back to your Postman Vault.

Add, edit, and use vault secrets

Add vault secrets to your Postman Vault to reuse them in your local instance of Postman. Then you can reference vault secrets in your HTTP collections and requests, variables, and the Collection Runner.

You can also use Guided Auth to add vault secrets that have authentication credentials for public APIs. Reference vault secrets added using Guided Auth in your HTTP requests, and reuse your authentication credentials in new HTTP requests to the same public APIs.

The following shows some high-level differences between adding vault secrets without and with Guided Auth:

Vault secrets | Vault secrets using Guided Auth
Stores any type of secret, such as API keys and passwords | Stores authentication credentials for public APIs in Postman
You can add vault secrets directly in Postman Vault | You must use Guided Auth to add vault secrets
Add vault secrets at any time | API publishers must set up Guided Auth for their public APIs
Postman doesn't suggest specific vault secrets | Postman suggests saved vault secrets for future requests to public APIs
Link vault secrets with external vaults | Can't link vault secrets with external vaults

Postman Vault integrations

Postman Vault integrations are available on Postman Enterprise plans with the Advanced Security Administration add-on.

Postman Vault integrations enable you to link vault secrets with secrets stored in an external vault. You can then reference vault secrets in your local instance of Postman, and retrieve the value of secrets stored in external vaults when you send HTTP requests. You can also manage and update your Postman Vault integrations.

Postman supports the following Postman Vault integrations:

Feature availability

The following features require the Postman desktop app:

  • Open Postman Vault from public workspaces - You must use the Postman desktop app to open your Postman Vault from a public workspace, and reference vault secrets in a public workspace. If you open your Postman Vault from a public workspace in the Postman web app, you must add new vault secrets to your Postman Vault.

  • Preserve vault secrets when you join or leave a team - You must use the Postman desktop app to preserve your encrypted vault secrets after you join a new team or leave a team. If you're using the Postman web app, vault secrets won't be available from your Postman Vault when you join a new team or leave a team. If you're using the Postman web app, you can then add new vault secrets in the team you joined, or in a team you rejoined.

  • Create and manage Postman Vault integrations (Enterprise teams only) - You must use the Postman desktop app to create and manage Postman Vault integrations. If you're using the Postman web app, Postman Vault integrations won't be available.

Troubleshoot vault secrets

To learn how to troubleshoot empty and unresolved vault secrets, see Troubleshoot vault secrets.

Last modified: 2024/04/29