How to Secure Data in Postman Requests with Dotcom-Monitor

It is good practice to secure data like login and passwords that are sent along with Postman Collection requests from being exposed to users with restricted access in your Dotcom-Monitor account. The best way to do this is to store sensitive data in variables and encrypt the variables to protect the values from unauthorized access.

To protect sensitive information passed along with test request parameters, Dotcom-Monitor offers a feature called Secure Vault. Once added to Secure Vault, sensitive data is encrypted and stored in so-called Crypt containers. The values of variables protected with Secure Vault are available for viewing and editing only for users of your Dotcom-Monitor account with corresponding access permissions.

To pass encrypted values from pre-defined Crypt variables to the script, Dotcom-Monitor provides pre-request script functionality implemented with Prepare Script. Prepare Script runs before the Postman Collection is sent to a target Web API. It retrieves variable values from the related Crypt containers, and passes the values to the Postman Collection.

Let’s assume that you have already imported a Postman Collection with variables that must be secured into Dotcom-Monitor.

The next step is to add the variables and set their values in Secure Vault. To do this, from the left sidebar menu, select Manage > Secure Vault. Please read the Secure Vault article for detailed explanations on how to add new variables to Secure Vault.

Finally, when the variables are added to a Crypt and saved to Secure Vault, we can access the Crypt variable values by using the following expression in the Prepare Script field of the Postman Collection task:

context.<Variable_name> = SecureVault.<Crypt_name>.<CryptVariable_name>;

where Crypt_name is the name of the Crypt that contains encrypted values and CryptVariable_name is a variable name as it appears in the Crypt.

Note that variable names in the Prepare Script field must be identical to the names referred to in double-curly braces {{variable_name}} in the imported Postman collection.

The variable values are passed to the test before the collection run and cleared up in all reportable data once used. The corresponding request parameter values will be masked in the test reports with asterisk symbols.