[Recent leaks](https://www.cloudsek.com/blog/postman-data-leaks-the-hidden-risks-lurking-in-your-workspaces)Recent leaks have once again brought API and data security concerns into the spotlight. Specifically, the leaks pointed at the following as major areas to consider when thinking through your API and data security strategies:
When considering the above, it’s critical to think about best practices across every stage of the API lifecycle, starting with the initial phases of API design and testing. To help organizations strengthen and properly manage their API and data security postures, we built Kong Insomnia into the larger API platform offering here at Kong. Compared to a tool like Postman, Insomnia was built from the ground up to support advanced security use cases and sensitive data environments.
In this blog, we’ll cover how to leverage some of Insomnia’s security-oriented differentiators to address concerns related to the [recent data leak](https://www.cloudsek.com/blog/postman-data-leaks-the-hidden-risks-lurking-in-your-workspaces)recent data leak.
Collection governance is the process of implementing access controls around API collections to prevent data leakage. This is especially crucial when sharing APIs with external collaborators, as improper API access control could invite malicious actors to easily obtain and misuse sensitive business data.
Insomnia prioritizes collection governance by ensuring collections are never publicly available by default — only explicitly authorized users can access them. With RBAC (role-based access control), admins can assign permissions, enforce strict access controls, and manage whether collections are allowed to be synced to the cloud. Private environments add another layer of protection by ensuring that sensitive data, like API keys, are never synced and always remain local.
Insomnia also integrates with popular third-party vaults like AWS Secrets Manager, Azure Key Vault, GCP Secret Manager, and HashiCorp Vault — enabling streamlined secrets management and removing the need for plain-text storage. This is available out-of-the-box, with no additional add-on fee.
*Integrate with your external vault of choice for streamlined secrets management.*
Data security and data locality go hand in hand. Many organizations, especially those operating in highly regulated industries, may prefer to not store their data in the cloud for security and compliance reasons.
Insomnia provides organizations with the flexibility to store their data where they want to: 100% locally, via Git, or in the cloud. We understand that flexibility is of the utmost importance to our users, and so we offer various storage options to cater to the data compliance needs of each individual organization.
In addition to having multiple storage options available, storage control in the Insomnia enterprise offering allows admins to mandate a specific storage location (cloud or local + Git) as the single source of truth for every user in the Insomnia project. This provides an extra layer of control to help drive compliance across every team and line of business using Insomnia.
This helps avoid proven risks associated with syncing with publicly available GitHub repos. As called out in the [recent data leak coverage](https://www.cloudsek.com/blog/postman-data-leaks-the-hidden-risks-lurking-in-your-workspaces)recent data leak coverage, there have been leaks when, “...collections and environment files are synced or exported and stored in public repositories like GitHub. If sensitive data isn’t masked or sanitized before these files are uploaded, it becomes accessible to anyone with access to the repository. This is a common vulnerability, as developers may inadvertently publish tokens or secrets without realizing the impact.”
*Have full control over where your Insomnia data is stored.*
For those who choose to store their data in the cloud, with Insomnia you can opt-in to having your data encrypted end-to-end on the client side. This means that all encryption keys are generated locally, all encryption is performed before sending any data over the network, and all decryption is performed after receiving data from the network.
At no point in the sync process can the Insomnia servers, or an intruder, read or access your sensitive application project data.
At the end of the day, a good product is truly only as effective as the quality of the team that backs it.
Insomnia is owned and operated by Kong, and when you choose Kong, you get access to the same world-class team that supports the most adopted, battle-tested, and secure API platform — backed by great documentation, 24/7 support, and industry-leading expertise to help you securely govern APIs from design to deprecation.
[See Insomnia in action here](https://konghq.com/events/webinars/api-first-starts-with-insomnia)See Insomnia in action here and [reach out to our team](https://insomnia.rest/pricing/contact)reach out to our team to learn more.
The Demo-to-Production Gap Production reality multiplies complexity exponentially. In production, you need: Multi-tool orchestration with different authentication methods Robust retry logic with exponential backoff and circuit breakers Performance
[](https://konghq.com/blog/enterprise/build-vs-buy-mcp-server-infrastructure)
Traffic patterns shape architectural boundaries and understanding them clearly reveals why different tools are necessary. North-south traffic flows between external clients and your services, crossing the network perimeter in the process. Common e
[](https://konghq.com/blog/enterprise/the-difference-between-api-gateways-and-service-mesh)
CLIs, MCP, and the Real Governance Tradeoffs Shaping Enterprise AI Agents The CLI case is real Let's start with the strongest version of the CLI argument. For well-known tools baked into model training data (e.g., git, grep, curl, jq, docker, kub
[](https://konghq.com/blog/enterprise/cli-vs-mcp-enterprise-ai-governance)
Bring Financial Accountability to Enterprise LLM Usage with Konnect Metering and Billing Showback and chargeback are not the same thing. Most organizations conflate these two concepts, and that conflation delays action. Understanding the LLM showb
[](https://konghq.com/blog/enterprise/llm-cost-management-ai-showback-and-chargeback)
The Anatomy of Architectural Complexity Modern architectures now juggle three distinct traffic patterns. Each brings unique demands. Traditional approaches treat them separately. This separation creates unnecessary complexity. North-South API Traf
[](https://konghq.com/blog/enterprise/microservices-to-ai-traffic-kong-as-the-unified-control-plane)
Free collaboration with Postman — a myth On March 1st, 2026, Postman discontinued free collaboration for small teams. Now , Git or Cloud-native collaboration requires a Team plan starting at $19 per person per month. That means even a 3-person team
[](https://konghq.com/blog/enterprise/insomnia-vs-postman-evaluating-api-testing-tools)
Executive Summary AI adoption has moved past the "honeymoon phase" and into the "operational chaos" phase. As enterprises juggle multiple LLM providers, skyrocketing token costs, and "Shadow AI" usage, the need for a centralized control plane has be
[](https://konghq.com/blog/enterprise/ai-gateways-for-scalable-ai-connectivity)