How to handle API keys before committing #9394
-
|
I see that Insomnia has the ability to store your request collections in the cloud. Some of my requests collections have API keys in the headers which I wouldn't want committed. What mechanisms exist in insomnia so that I can still test my requests while not actually having my API keys committed? Thanks for your assistance. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Insomnia allows you to sync your collections to the cloud while keeping sensitive information safe. The recommended approach is to use environment variables for secrets like API keys, instead of including them directly in your request headers. You can reference a variable in your request (for example, {{ api_key }}) and store the actual value in a local environment or sub-environment. When you sync the project, the requests and variable references are saved to the cloud, but the API key value itself remains local and is not uploaded. “Cloud Sync Project” means the project can be synced, and “Uncommitted changes” indicates local changes that haven’t been pushed yet. Once synced, your requests will be available across devices or to team members without exposing your API keys. |
Beta Was this translation helpful? Give feedback.
Insomnia allows you to sync your collections to the cloud while keeping sensitive information safe. The recommended approach is to use environment variables for secrets like API keys, instead of including them directly in your request headers.
You can reference a variable in your request (for example, {{ api_key }}) and store the actual value in a local environment or sub-environment. When you sync the project, the requests and variable references are saved to the cloud, but the API key value itself remains local and is not uploaded.
“Cloud Sync Project” means the project can be synced, and “Uncommitted changes” indicates local changes that haven’t been pushed yet. Once synced, your reque…