Storing your secrets (e.g., API keys and passwords) in Postman environments might not meet your security requirements. Although they are stored at rest, they are accessible to every team member in plaintext. You can leverage Postman cookies as an alternative because they are local to the machine, the computer user, and the Postman desktop client.

You might be thinking, “Cookies are bad. They are also plain text.”

True, they are. But at least they are not stored on the Postman servers or accessible to every team member.

The Postman Sandbox supports the crypto-js package, which you can use to add more security to the cookie’s value.

Let’s explore how to use a Postman cookie. For simplicity, I’m going to skip the encryption.
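The encryption step skipped here, as an added example that is not part of the original post: a pre-request script that reads an AES-encrypted cookie through `pm.cookies.jar()` and decrypts it with crypto-js. The cookie name `api_key`, the domain `api.example.com`, the local variable `cookie_passphrase` and the helper function names are assumptions.

```javascript
// Added example, not from the original post. Runs as a Postman pre-request script.
// Assumptions: cookie name "api_key", domain "api.example.com" and the local
// variable "cookie_passphrase" are hypothetical; the domain must be allowed
// for programmatic cookie access in Postman's cookie manager.

// Encrypt a secret before pasting it into the cookie value (run once).
function sealSecret(CryptoJS, secret, passphrase) {
  return CryptoJS.AES.encrypt(secret, passphrase).toString();
}

// Decrypt a cookie value. A wrong passphrase yields garbage, which crypto-js
// reports either as an empty string or as a "Malformed UTF-8" exception.
function openSecret(CryptoJS, cookieValue, passphrase) {
  let plain = '';
  try {
    plain = CryptoJS.AES.decrypt(cookieValue, passphrase).toString(CryptoJS.enc.Utf8);
  } catch (e) {
    plain = '';
  }
  if (!plain) throw new Error('cookie could not be decrypted (wrong passphrase or corrupted value)');
  return plain;
}

// Read the cookie from a jar and pass the decrypted secret to done(err, secret).
function loadSecret(jar, CryptoJS, url, name, passphrase, done) {
  jar.get(url, name, (err, value) => {
    if (err) return done(err);
    if (!value) return done(new Error(`cookie "${name}" not found for ${url}`));
    try {
      done(null, openSecret(CryptoJS, value, passphrase));
    } catch (e) {
      done(e);
    }
  });
}

// Wiring inside Postman only; `pm` does not exist anywhere else.
if (typeof pm !== 'undefined') {
  const CryptoJS = require('crypto-js');
  const passphrase = pm.variables.get('cookie_passphrase');
  loadSecret(pm.cookies.jar(), CryptoJS, 'https://api.example.com', 'api_key', passphrase, (err, secret) => {
    if (err) throw err;
    // Request-scoped variable: not written back to the environment or collection.
    pm.variables.set('apiKey', secret);
  });
}
```

The request can then reference `{{apiKey}}`; the cookie itself only ever holds the ciphertext produced by `sealSecret`.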

Creating the Cookie

In your request, click the “Cookies” link.


How to use Cookies to Store Secrets in Postman