Jul 30, 2023

Postman: Scratchpad is end of life - Only cloud based workspaces possible --> How to keep the passwords/secrets secure?

Postman is the swiss army knife tool for dealing with HTTP(S) requests. You want to test anything with an GET, PUT, POST, OPTION call? Postman is the way to go.

But some months ago postman announced the following:

Scratchpad was the option to work locally on your PC with postman and nothing was synced to the cloud. That was really cool, because most of the HTTPS requests have to be authenticated in some way (basic auth, secrets for oauth, api-keys, etc...)
From my perspective cloud is a very cool thing, but moving all the sensitive parameters into the postman cloud is not really an option.
So what to do? 
  1. Check alternatives....
    But there is nothing like postman. e.g. the possibility to render the request to a curl, powershell, NodeJS axios, ... call and use this anywhere else....
  2. Remove all sensitive data from your request
    A good step (and just to note: it is bad design, if you ever stored secrets inside the calls :) )
  3. Now the calls do not work anymore....
But this problem was addressed really a long time ago (more than 4 years ago):

So here the link to the solution:

It is just this easy:use variables and do not fill the initial value!

Here the tests: 
First the local postman:

Second the browser postman:

As you can see: the current values are empty inside the cloud for all entries, which have the inital value not filled...
(By the way: the current value is always a copy of the inital value. If you put there something like test11 and test22, only test1 and test2 will show up in the cloud version).