When testing APIs, software engineers often repeat identical values across multiple requests, but who wants to waste time typing the same values every time?
Insomnia's environment variables solve this problem by allowing you to define a value once as an environment variable and reference that value wherever it’s needed. Insomnia also enables you to override certain variables using sub-environments or folder environments. Standard variables are base URLs, authentication tokens and resource IDs, but you can create any variables that help you save time.
Eventually, you'll run into a request that requires some form of authentication. The issue with storing passwords in plain text is that anyone can read them.
This issue prompted the community to question how to avoid plain-text passwords in the “Manage Environments” section of Insomnia. Thanks to a combination of community contributions and Insomnia features, you can easily avoid this situation through various options:
The easiest solution is to use private environments. A private environment will never be exported or synced. However, it will still be in plain text, so it doesn't completely solve the issue at hand, but I wanted to point out that it is available.
My preferred option would be using env files. An Insomnia plugin created by community member Edirin made this possible. Huge thanks to him for creating this Insomnia Plugin – dotenv that makes it tenfold easier to use env files in environments.
To use Edirin's creation:
The alternative, and perhaps easier, installation method is to visit the plugin hub and click the "Install in Core" button on the top right.
After installing the dotenv plugin:
Opender took it one step further by utilizing the Insomnia Plugin – dotenv alongside sub environments.
This is handy for collaboration. The environment variable setup is shared (in the base environment). Still, each collaborator provides the specific keys from a file on their file-system, which is never synced or exported.
The results of this collaboration to avoid plain-text passwords in Insomnia demonstrate two things:
The combination of these two created a fantastic new plugin and excellent use case. I'd like to make one last shout out to Alex for kicking it off in the following GitHub issue. We're all a little better at protecting our plain-text passwords now, thanks to you.
You can explore the other 250+ Insomnia plugins available on the Plugin Hub. There are tons of excellent open source plugins. If you can't find something you need, Insomnia has documentation to help you create your own.
Check out our recent blog post for even more Insomnia tips: Service Design Guidelines with OpenAPI and Kong
We’re excited to announce the general availability of Kong Insomnia 11! This release introduces third-party vault integrations for enhanced security, an all-new Git sync experience for more seamless collaboration, and support for multi-tabs to impro
🚧 The challenge: Scaling GenAI with governance While building a GenAI-powered agent for one of our company websites, I integrated components like LLM APIs, embedding models, and a RAG (Retrieval-Augmented Generation) pipeline. The application was d
Why are Microservices Security Risks? Traditional security was simple. One perimeter. Few entry points. Clear boundaries. Microservices shattered this model. Now organizations manage hundreds of independent services. The average number of API calls
The Challenge: Securing Distributed Systems Netflix operates over 1,000 microservices handling two billion daily requests (Microservices architecture: from Netflix to APIs). One security gap can trigger cascading breaches. Traditional perimeter sec
What are Control Plane Groups? Control Plane Groups in Kong Konnect provide a structured way to manage multiple control planes within a single organization. Think of it as a federated approach: different teams can deploy and manage their own APIs wh