# Postman
Edition: Enterprise + Open Source

The Postman integration scans workspaces, collections, requests, and authorization configurations in Postman for credentials and other sensitive data.

## Configuration

The Postman integration can be configured in TruffleHog under Integrations, or via a local configuration file (below). Setup requires a Postman API key and, optionally, the IDs of the workspaces you want to scan.

### Generating a Postman API key

1. Log into Postman and go to the API keys page.
2. Set the expiration as needed and click Generate API Key.

### Finding a workspace ID

Open the workspace in Postman and click the ⋯ menu on the far right of the page to view its ID.

### Web configuration

Configure this integration from the Integrations page in TruffleHog. You'll need a Postman API key and the IDs of the workspaces you want to scan.

### Local configuration

Multiple workspace IDs can be included. If `workspaces` is omitted, the scanner enumerates and scans every workspace the API key has access to.

```yaml
sources:
- connection:
    "@type": type.googleapis.com/sources.Postman
    token: PMAK-xxxxxxx
    workspaces:
    - <workspace-id-1>
    - <workspace-id-2>
  name: postman
  scanPeriod: 12h
  type: SOURCE_TYPE_POSTMAN
  verify: true
```

### Configuration options

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `token` | string | Yes | Postman API key |
| `workspaces` | list | No | Explicit list of Postman workspace IDs to scan. Omit to enumerate all workspaces the API key can access. |

## Capabilities

| Feature | Supported |
| --- | --- |
| Scan workspaces | ✅ |
| Scan collections | ✅ |
| Scan folders | ✅ |
| Scan requests | ✅ |
| Scan saved responses | ✅ |
| Scan environments | ✅ |
| Scan authorization configurations (basic auth, bearer tokens, API keys, AWS, OAuth2) | ✅ |

## Notes

The globals environment, workspace response history, and collection descriptions are not scanned.
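Because omitting the workspace list makes the scanner cover every workspace the API key can reach, it helps to review that list and pin the scan scope explicitly in the local configuration. The sketch below is an added example, not part of the TruffleHog documentation or code: `select_workspaces` and `render_config` are hypothetical helpers, and the sample body is constructed on the assumption that the Postman API's workspace listing returns `id`, `name` and `type` for each workspace.

```python
import json

# Constructed sample of a Postman API workspace listing (GET /workspaces).
# The IDs and names are made up for this example.
SAMPLE_RESPONSE = """
{"workspaces": [
  {"id": "11111111-aaaa-4bbb-8ccc-000000000001", "name": "Payments API", "type": "team"},
  {"id": "11111111-aaaa-4bbb-8ccc-000000000002", "name": "Scratchpad", "type": "personal"},
  {"id": "11111111-aaaa-4bbb-8ccc-000000000003", "name": "Public Docs", "type": "public"}
]}
"""


def select_workspaces(response_body, types=("team", "public")):
    """Return (id, name) pairs for workspaces whose type is in `types`."""
    data = json.loads(response_body)
    return [
        (w["id"], w["name"])
        for w in data.get("workspaces", [])
        if w.get("type") in types
    ]


def render_config(workspaces, token="PMAK-xxxxxxx", scan_period="12h"):
    """Render the local configuration with an explicit workspace list.

    An empty list leaves `workspaces` out, which means "scan everything
    the API key can access".
    """
    lines = [
        "sources:",
        "- connection:",
        '    "@type": type.googleapis.com/sources.Postman',
        f"    token: {token}",
    ]
    if workspaces:
        lines.append("    workspaces:")
        for wid, name in workspaces:
            # Collapse whitespace so a name cannot break out of the comment.
            lines.append(f"    - {wid}  # {' '.join(name.split())}")
    lines += ["  name: postman", f"  scanPeriod: {scan_period}",
              "  type: SOURCE_TYPE_POSTMAN", "  verify: true"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_config(select_workspaces(SAMPLE_RESPONSE)))
```

The token stays a placeholder here; substitute the real key only at deployment time so it does not land in version control.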


