Integrations

Postman Integration

Export your secr secrets as Postman-compatible environment files. Import them into Postman or pipe them to Newman for CI/CD API testing.

CLI Usage

terminal

# Export current environment to stdout
secr postman export

# Export a specific environment
secr postman export --env staging

# Write to a file
secr postman export --env production --output production.postman_environment.json

# Custom environment name in Postman
secr postman export --name "My API - Staging"

Options

Flag	Description	Default
--env <env>	Override the default environment	Project default
--name <name>	Postman environment name	{project}-{env} (secr)
--output <file>	Write to file instead of stdout	stdout
--prefix <prefix>	Only include keys starting with prefix	all keys
--strip-prefix	Remove prefix from key names in output	false

Output Format

The exported JSON follows the Postman Environment format. All values use "type": "secret" so Postman masks them in the UI.

my-app-staging.postman_environment.json

{
  "name": "my-app-staging (secr)",
  "values": [
    {
      "key": "API_BASE_URL",
      "value": "https://api.example.com",
      "type": "secret",
      "enabled": true
    },
    {
      "key": "API_KEY",
      "value": "sk_live_abc123",
      "type": "secret",
      "enabled": true
    }
  ]
}

Key Filtering

Use --prefix and --strip-prefix to export a subset of keys with clean names.

terminal

# Given secrets: POSTMAN_TOKEN=abc, POSTMAN_URL=https://..., DATABASE_URL=postgres://...

secr postman export --prefix POSTMAN_ --strip-prefix
# Output keys: TOKEN, URL (DATABASE_URL excluded)

This is useful when you namespace API-related secrets with a prefix like POSTMAN_ or API_.

Newman CI/CD Integration

Use the exported file with Newman to run Postman collections in CI pipelines.

Basic Usage

terminal

# Export secrets and run tests
secr postman export --env staging --output env.json
newman run collection.json -e env.json

GitHub Actions

.github/workflows/api-tests.yml

- name: Export secrets for Postman
  run: secr postman export --env staging --output env.json
  env:
    SECR_TOKEN: ${{ secrets.SECR_TOKEN }}

- name: Run API tests
  run: npx newman run tests/api.postman_collection.json -e env.json

Piping to Newman

terminal

secr postman export --env staging | newman run collection.json -e /dev/stdin

Server-Side Sync (Pro+)

Push secrets to a Postman environment automatically when they change in secr. No more manual exports.

Masked by default: All values pushed via the API use "type": "secret", so they appear masked in the Postman UI. Engineers never handle secrets directly — they flow from secr (with RBAC, audit, rotation) to Postman automatically.

Connect

terminal

# Connect to a Postman environment
secr postman connect \
  --api-key PMAK_xxx \
  --postman-env-id <id> \
  --auto-sync

# With workspace and prefix filtering
secr postman connect \
  --api-key PMAK_xxx \
  --postman-env-id <id> \
  --workspace-id <id> \
  --prefix APP_ --strip-prefix

Manual Sync

terminal

secr postman sync
secr postman sync --env staging

Status & Disconnect

terminal

secr postman status       # View all sync mappings
secr postman disconnect   # Remove the sync mapping

Auto-Sync

When enabled (default), every secret mutation triggers a background sync to Postman — including set, delete, promote, and rollback operations. Sync is fire-and-forget and never blocks the API response.

Start exporting to Postman

Install the CLI, link your project, and export your first environment.

Create Free Account Back to Docs