**When testing APIs, software engineers often repeat identical values across multiple requests, but who wants to waste time typing the same values every time? **
[Insomnia](https://insomnia.rest)Insomnia's environment variables solve this problem by allowing you to define a value once as an environment variable and reference that value wherever it’s needed. Insomnia also enables you to override certain variables using sub-environments or folder environments. Standard variables are base URLs, authentication tokens and resource IDs, but you can create any variables that help you save time.
Eventually, you'll run into a request that requires some form of authentication. The issue with storing passwords in plain text is that anyone can read them.
This issue prompted the community to question how to avoid plain-text passwords in the “Manage Environments” section of Insomnia. Thanks to a combination of [community contributions](https://github.com/Kong/insomnia/issues/2593)community contributions and Insomnia features, you can easily avoid this situation through various options:
The easiest solution is to use private environments. A private environment will never be exported or synced. However, it will still be in plain text, so it doesn't completely solve the issue at hand, but I wanted to point out that it is available.
My preferred option would be using env files. An Insomnia plugin created by community member Edirin made this possible. Huge thanks to him for creating this [Insomnia Plugin – dotenv](https://insomnia.rest/plugins/insomnia-plugin-dotenv)Insomnia Plugin – dotenv that makes it tenfold easier to use env files in environments.
To use Edirin's creation:
The alternative, and perhaps easier, installation method is to visit the [plugin hub](https://insomnia.rest/plugins/insomnia-plugin-dotenv)plugin hub and click the "Install in Core" button on the top right.
After installing the dotenv plugin:
[Opender](https://github.com/develohpanda)Opender took it one step further by utilizing the [Insomnia Plugin – dotenv](https://insomnia.rest/plugins/insomnia-plugin-dotenv)Insomnia Plugin – dotenv alongside sub environments.
This is handy for collaboration. The environment variable setup is shared (in the base environment). Still, each collaborator provides the specific keys from a file on their file-system, which is never synced or exported.
The results of this collaboration to avoid plain-text passwords in Insomnia demonstrate two things:
The combination of these two created a fantastic new plugin and excellent use case. I'd like to make one last shout out to Alex for kicking it off in the following [GitHub issue](https://github.com/Kong/insomnia/issues/2593)GitHub issue. We're all a little better at protecting our plain-text passwords now, thanks to you.
You can explore the other 250+ Insomnia plugins available on the [Plugin Hub](https://insomnia.rest/plugins)Plugin Hub. There are tons of excellent open source plugins. If you can't find something you need, Insomnia has [documentation](https://support.insomnia.rest/article/26-plugins)documentation to help you create your own.
Check out our recent blog post for even more Insomnia tips: [Service Design Guidelines with OpenAPI and Kong](https://konghq.com/blog/service-design-guidelines-with-openapi-and-kong-part-i)Service Design Guidelines with OpenAPI and Kong
We’re excited to announce the general availability of Kong Insomnia 11! This release introduces third-party vault integrations for enhanced security, an all-new Git sync experience for more seamless collaboration, and support for multi-tabs to impro
[](https://konghq.com/blog/product-releases/insomnia-11)
Free collaboration with Postman — a myth On March 1st, 2026, Postman discontinued free collaboration for small teams. Now , Git or Cloud-native collaboration requires a Team plan starting at $19 per person per month. That means even a 3-person team
[](https://konghq.com/blog/enterprise/insomnia-vs-postman-evaluating-api-testing-tools)
Traditional APIs are, in a word, predictable. You know what you're getting: Compute costs that don't surprise you Traffic patterns that behave themselves Clean, well-defined request and response cycles AI APIs, especially anything that runs on LLMs
[](https://konghq.com/blog/engineering/monetize-ai-apis)
Running Kong in front of your Solace Broker adds real benefits: Authentication & Access Control – protect your broker from unauthorized publishers. Validation & Transformation – enforce schemas, sanitize data, and map REST calls into event topics.
[](https://konghq.com/blog/engineering/smarter-event-driven-apis-kong-solace)
Today we’re excited to show how Kong Enterprise customers can utilize our new plugin for HashiCorp Vault for authentication and secrets management. Like the Terraform integration released last year, this new integration with Vault represents ano
[](https://konghq.com/blog/news/announcing-kongs-integration-vault)
The widespread adoption of Kafka and event streaming platforms is evident across several enterprises, where they serve as the backbone of critical operations, ranging from financial transactions to AI inference pipelines. However, in the domains of
[](https://konghq.com/blog/product-releases/kong-event-gateway-1-1)
We've been all ears. Your workflows clearly told us what mattered most: tabs that adapt to how you actually work, Git commits you can actually understand, and admin controls that don't require a manual to navigate. Insomnia v12.4 discards the fricti
[](https://konghq.com/blog/product-releases/insomnia-12-4)