# Manage publicly exposed Postman API keys

Postman [API keys](https://blog.postman.com/how-to-use-api-keys/ "https://blog.postman.com/how-to-use-api-keys/") provide access to the Postman user’s and team’s data. When Postman API keys are exposed in Postman public elements, such as public workspaces and documentation, as well as public [GitHub](https://blog.postman.com/how-were-protecting-your-postman-api-keys-in-github/ "https://blog.postman.com/how-were-protecting-your-postman-api-keys-in-github/") and [GitLab](https://blog.postman.com/protecting-your-postman-api-keys-in-gitlab/ "https://blog.postman.com/protecting-your-postman-api-keys-in-gitlab/") repositories, they are accessible to anyone on the internet—and this can be a nightmare for the user and team if they fall into the wrong hands.

Today, we’re announcing new capabilities for our [Manage Postman Keys](https://go.postman.co/manage-postman-keys "https://go.postman.co/manage-postman-keys") page that add visibility and control for publicly exposed Postman keys.

Now, the [Super Admin](https://blog.postman.com/introducing-the-super-admin-role/ "https://blog.postman.com/introducing-the-super-admin-role/") and Admin users in Postman can view publicly exposed API keys by visiting the [Manage Postman keys](https://go.postman.co/manage-postman-keys "https://go.postman.co/manage-postman-keys") page. Postman API keys detected in public repositories on GitHub and GitLab (only Ultimate projects supported on [GitLab.com](https://gitlab.com/ "https://GitLab.com")) and Postman’s public workspaces are visible on this page. Admins can see the name of an exposed key, location of the exposed key, the detected date, the last used date of the key, and the team member who created it.

![Manage Postman keys page in Postman](https://blog.postman.com/wp-content/uploads/2023/09/Screenshot-2023-09-12-at-5.43.15-PM.png)

Manage Postman keys page in Postman

Super Admin and Admin users can revoke exposed keys manually, or they can enable a setting that automatically revokes a Postman API key when it is found to be exposed and notifies the key owner via email. Admins can see all API keys revoked or auto-revoked on the [Audit Logs](https://learning.postman.com/docs/administration/audit-logs/) page. Once a key is revoked, the corresponding finding on the [Secret Scanner dashboard](https://go.pstmn.io/secret-scanner/) is automatically resolved.

![API keys settings page in Postman](https://blog.postman.com/wp-content/uploads/2023/09/Screenshot-2023-09-11-at-4.58.52-PM.png)

API keys settings page in Postman

## Learn more

This new feature that auto-revokes exposed Postman API keys is now available with all our [Enterprise plans](https://www.postman.com/postman-enterprise/), so please get in touch with [Postman sales](https://www.postman.com/company/contact-sales/) to upgrade and gain access if you aren’t already an Enterprise plan user. You can also find more details about managing Postman API keys in our [Learning Center](https://learning.postman.com/docs/administration/managing-api-keys/). Additionally, you can visit the [Postman Trust Center](https://www.postman.com/trust/ "https://www.postman.com/trust/") to learn about organizational security and how to protect your accounts and data in Postman.