Postman is logging all your secrets and environment variables

  • I don't get why people still use Postman when you have nice open-source tools such as Bruno [0], which actually can do a lot of what Postman does, and more than that, you can even import your Postman collections.

    [0]: https://github.com/usebruno/bruno

  • There is a reason why it is now a forbidden tool in many corporations.

  • I wrote up my findings on this late last night, so I would greatly appreciate anyone who might be able to give me an independent sanity check that this is actually what's happening.
