Announcing the Postman Secret Scanner for team workspaces
The Postman Secret Scanner has been providing invaluable assistance in securing your publicly accessible data on Postman. Also, our partnership with GitHub and GitLab helps users protect their Postman API keys while safely integrating their workflows.
Today, we’re excited to take a significant step further in protecting your team’s secrets: the Secret Scanner feature is now available for both team and public workspaces. This update will help teams monitor secrets inside their team workspaces. By default, the Secret Scanner scans for secrets issued by prominent service providers such as Amazon, Google, GitHub, etc. You can see the comprehensive list of support secrets here.
Secret Scanner for team workspaces
Super Admin and Admin users can access all identified secrets within their team and public workspaces. Also, we’ve extended the access to Workspace Admins to view secrets within the workspaces for which they have the Admin roles.
These identified secrets can be viewed from the Secrets Detected tab, accessible via the Team option within the Postman header, followed by the Secret Scanner subsection:
You can filter secrets based on workspace visibility types, workspace names, and secret types. Clicking on a listed secret will provide more details, such as the exact location of the secret and remediation steps users can take to protect their secrets. You can resolve a secret by selecting an appropriate reason from the drop-down:
To view resolved secrets, visit the Resolved tab on the Secrets Detected page.
Status of a Postman API Key
The current status of a Postman API key is shown on the details page if it belongs to you or your team member. This helps in the identification of a valid Postman API key:
Secret Scanner Report
Another exciting addition is our Secret Scanner Report. This new report provides valuable insights into secrets present in team and public workspaces, helping you make informed decisions to enhance the security and compliance of your Postman team.
You can access these reports by clicking on the Reports option within the Secret Scanner tab found under the team Settings section:
Managing Secret Scanner findings with the Postman API
Users with Admin, Super Admin, and Workspace Admin roles can access Secret Scanner findings via the Postman API. This enables users to create custom automation workflows to retrieve and resolve identified secrets. Detailed information can be found within the API documentation.
Learn more
Learn more about the Secret Scanner features on our Learning Center. Contact Postman sales to upgrade your team to the Enterprise Ultimate plan and start leveraging the Secret Scanner across your workspaces today. Also, visit our Postman Trust Center to learn about our organizational security and how to further protect your accounts and data in Postman.
What do you think about this topic? Tell us in a comment below.