postmanlabs / postman-app-support

Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster.
https://www.postman.com

Secret Variables visible 👀 on console #10650

Open ivikramsahu opened 2 years ago

ivikramsahu commented 2 years ago

Is there an existing issue for this?

Describe the Issue

Variables that are set to the secret type are easily visible (unmasked) in the console while debugging or screen sharing.

Steps To Reproduce

  1. Set an environment / global / collection variable to secret type.
  2. Use the variable in one of your API requests.
  3. Open and clear your console tab.
  4. Hit the send button to get the secret variable value visible.

Screenshots or Videos

No response

Environment Information

- Operating System: macOS Monterey
- Platform Type: Web
- Postman Version:

Additional Context?

No response

MichaelLeonardRavens commented 1 year ago

We need to send secrets in the body of a request in order to get back an auth token. It would really help to get this fixed so that the secrets are not published in pipeline run logs.

MichaelLeonardRavens commented 1 year ago

Just the ability to turn off JSON request body console logging for a specific request would be enough for us. If JSON worked like GraphQL (which is not logged automatically) then that would be fine.

anandvarkeyphilips commented 1 year ago

I am also waiting for a solution for this!

old-square-eyes commented 1 year ago

Keen. Any news?

ext-parul commented 10 months ago

Issue is still seen. Please help fix this issue or suggest an alternative.

theonly1me commented 3 months ago

Hi folks (@ivikramsahu @ext-parul @old-square-eyes @anandvarkeyphilips @MichaelLeonardRavens), we've now released the Postman Vault, which is encrypted local storage in Postman. You can use it to store your API keys, secrets, or other sensitive information locally.

The secrets in your vault are only accessible by you and are masked in the console by default. You can learn more about the Vault on the Postman Learning Center page.
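
For the pipeline-log concern raised earlier in the thread, one mitigation is to scrub known secret values from captured log text before it is published. The following is an added example, not Postman's code and not from any participant in this issue; `buildRedactor`, `MASK`, the sample secret and the sample log lines are all constructed, and it assumes the wrapper script already knows the secret values and sees the log text before it is stored.

```javascript
// Added example: mask known secret values in captured console / pipeline log text.
// All names and sample data here are constructed for illustration.
const MASK = "********";

// Escape a literal string for use inside a RegExp.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Encodings in which a secret commonly appears in a logged request:
// raw, JSON-string-escaped (request body) and URL-encoded (query / form body).
function variantsOf(secret) {
  const jsonEscaped = JSON.stringify(secret).slice(1, -1);
  return new Set([secret, jsonEscaped, encodeURIComponent(secret)]);
}

function buildRedactor(secrets, minLength = 6) {
  const needles = new Set();
  for (const s of secrets) {
    // Very short values would mask unrelated text, so skip them.
    if (typeof s !== "string" || s.length < minLength) continue;
    for (const v of variantsOf(s)) needles.add(v);
  }
  if (needles.size === 0) return (text) => text;
  // Longest first, so a longer encoded variant is preferred over a shorter one.
  const pattern = [...needles]
    .sort((a, b) => b.length - a.length)
    .map(escapeRegExp)
    .join("|");
  const re = new RegExp(pattern, "g");
  return (text) => text.replace(re, MASK);
}

// Constructed sample: a secret containing characters that get escaped in logs.
const SAMPLE_SECRET = 'p@ss "w0rd"/42';
const SAMPLE_LOG = [
  "POST https://auth.example.test/token",
  'Request Body: {"client_secret":"p@ss \\"w0rd\\"/42","grant_type":"client_credentials"}',
  "GET https://api.example.test/v1?key=p%40ss%20%22w0rd%22%2F42",
].join("\n");

const redact = buildRedactor([SAMPLE_SECRET]);
console.log(redact(SAMPLE_LOG));
```

Matching only the raw value would miss both constructed log lines above, because the request body carries the JSON-escaped form and the URL carries the percent-encoded form.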