Postman is logging all your secrets and environment variables

Rimu@piefed.social · edit-2 3 days ago

Postman is logging all your secrets and environment variables

blarth · 3 days ago

Who the fuck is using postman anymore anyway?

jaybone@lemmy.zip · 3 days ago

What alternative do you recommend? Last I checked, the alternatives weren’t so great.

monogram@feddit.nl · 3 days ago

https://www.usebruno.com/ Open source, no cloud, git friendly

kora@sh.itjust.works · edit-2 3 days ago

Check hurl out. Unlike bruno or Postman, it is free and blazingly fast. Define your requests in plain text format and commit them to your version control.

It also allows you to export your plain text hurl files as curl commands.

kinkles@sh.itjust.works · 3 days ago

If you are already using JetBrains IDEs, a lot of them have a built-in http client that isn’t too bad.

heming@programming.dev · 2 days ago

Yaak https://yaak.app/

ᕙ(⇀‸↼‶)ᕗ@lemm.ee · 3 days ago

insomnia

jaybone@lemmy.zip · 3 days ago

Yeah I recall that not working so well.

qweertz (they/she)@programming.dev · 3 days ago

Isn’t Insomnia pulling the same shit as Postman nowadays?

There was a soft fork Insomnium but that’s been unmaintained for a long while, so I just use Bruno

fubarx@lemmy.world · 3 days ago

Was using Bruno and RapidAPI (fka MacPaw) locally, but they couldn’t do conditional sequences properly. Switched to Postman, which could, despite knowing they kept everything on the cloud.

Guess I’m switching back 🤦🏻‍♂️

blarth · 2 days ago

I left postman behind after the forced cloud integration, but admittedly, it is difficult to find something as simple and richly featured to replace it.

I ended up using a vs code extension called Thunder Client.

realbadat@programming.dev · 2 days ago

Unfortunately, I do, for one client for work as a requirement.

Its for their own tool though, so its their problem.

CodeBlooded@programming.dev · 2 days ago

I ditched it in favor of simple Python scripts, which is fine for my needs. Others at work seem to like it though.

Rimu@piefed.social · 3 days ago

500k customers

https://getlatka.com/companies/postman

lorty@lemmy.ml · 2 days ago

My company banned the use of postman for a few years now.

If it requires a login, you can be sure it is scraping everything it can.

Taco Dave@puz.fun · 2 days ago

@lorty @webdev you ever run into issues/cases where a third-party you integrate with sends you a Postman collection and expects you to use it for testing?

lorty@lemmy.ml · 2 days ago

Not from a third party, but I did have to adapt a lot of collections to use on Insomnia. It does allow importing from the postman v3 collection format, but it’s a bit hit or miss on wether it works 100%. I had a few problems with sequential requests, but they were easy enough to fix in my case.

If it’s just for testing, I’d try that. If they require Postman it for validation purposes, then there really isn’t much you can do.

kinkles@sh.itjust.works · 3 days ago

This article contradicts itself. It says “all secrets” and then says headers are not logged to Postman.

PokerChips@programming.dev · 2 days ago

Http scripts get you 50% there which, with a dab of code on top gives me pretty much of what i need.