postmanlabs / postman-app-support

Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster.
https://www.postman.com

Have "Secret" tagged environment variables NOT sync'd on Postman Cloud #10768

Open johns1uphealth opened 2 years ago

johns1uphealth commented 2 years ago

Is there an existing request for this feature?

Is your feature request related to a problem?

When using the "Secret" feature to protect user credentials and other private values, it seems like these values are still sync'd to the Postman Cloud. Is it possible to have any variables marked as "Secret" not sync'd to the Cloud, regardless if the values are in the "INITIAL VALUE" column or not?

Describe the solution you'd like

To not sync environment variables marked as "Secret", regardless if a value is in the "INITIAL VALUE" column or not.

Describe alternatives you've considered

The alternative depends on all users remembering to not put secret info like credentials and such in the INITIAL VALUE column. This is OK but prone to human error.

Additional context

You could say this is a security issue because these "Secret" values are now exposed to the (PM) Cloud and could be accessible to any PM engineer or anyone who compromised the Postman Cloud security. (Not likely but possible, but for health information this is or could be a HIPAA violation.)

mateuszjanczak commented 1 year ago

I'm very interested in this feature.

+1 for adding it

rolfmadsen commented 8 months ago

I switched to Insomnia.rest for this very reason after having used Postman extensively.

lizjackson-toast commented 6 months ago

+1 for this feature request, some of my teammates have expressed interest too