Closed cneijenhuis closed 6 years ago
@cneijenhuis great thing. I need to check something regarding data security again with Postman on short notice for that, as we got some issue by @jenschude regarding uploaded environment variables. It might be, we can work around it with a simple note for the downloader.
OK, feel free to merge once you have clarified it (I'll be on vacation, as you know :) )
The "problem" currently is, that the environment data, which can be sotred in postman is synchronized with the postman repositories. There it is secured in a encrypted AWS system. Though, the encryption on the data is handled server-sides. They are working on a solution for client side encryption. This is the text I received from postman on a security enquiry:
We use AWS as our infrastructure provider. Postman data is stored in encrypted databases on Amazon RDS. Postman uses Secure Websockets (wss) for all communication between the app and our servers. Data is AES-128/SHA-256 encrypted and sent over TLS 1.2 during transit. Data, depending upon its internal sensitivity classification, is also AES-256-GCM encrypted at the application layer prior to storage. In the near future, we will also introduce Client-Side Encryption.
What will be needed here is a notification to the downloader and user, that states that:
Shall I write something for that or do you have something matching in mind?
@czacherl Please write something :)
I'll merge it, I think the notice can be done in another PR.
API Client can now be downloaded from the MC in the Postman Environment format. It works with the default Import dialog 👍