Insomnia logo
  • Documentation
  • Get Started for Free
    • Introduction to Insomnia
    • Install Insomnia
    • Send Your First Request
    • Import and Export Data
    • Environment Variables
    • Global Environments
    • Insomnia Accounts
    • Forgotten Passphrase
    • Managing E2EE (End-to-End Encryption)
    • Organizations
    • Enable Enterprise membership
    • Configuring EE SSO
    • Integrating Insomnia Enterprise with Okta SAML 2.0
    • Integrating Insomnia Enterprise with Okta OpenID Connect
    • Integrating Insomnia Enterprise with Microsoft Azure/Entra ID SAML 2.0
    • Insomnia Whitelisting Guide for Enterprise Users
    • Transfer enterprise organizations and license
    • Configuring SCIM
    • Multiple Owners
    • Manage Domains
    • Invite Controls
    • Storage Controls
    • Session Report
    • Insomnia Subscriptions
    • Insomnia Subscription Management
    • Scratch Pad Tutorial
    • Requests
    • Responses
    • Request Collections
    • Request Timeouts
    • Chaining Requests
    • Post CSV Data
    • SOAP Requests
    • gRPC
    • WebSocket Support
    • Get Started with Documents
    • Design Documents
    • Linting
    • GraphQL for OpenAPI
    • Migrate from Designer
    • Unit Testing
    • Stress Testing
    • Insomnia Storage Options Guide
    • Sync with Insomnia Cloud
    • Sync with Git
    • Key Security Features
    • Security Standards
    • Signup and Authentication
    • Analytics Collected
    • End to End Data Encryption
    • Software Bill of Materials
    • Verifying Build Provenance for Signed Insomnia Binaries
    • Authentication
    • Client Certificates
    • Collection Runner
    • Generate Code Snippet
    • Cookie Management
    • Encoding
    • GraphQL Queries
    • Run in Insomnia Button
    • Key Maps
    • Proxy
    • Folder-level settings
    • Introduction to Plugins
    • Context Object Reference
    • Template Tags
    • Hooks and Actions
    • Custom Themes
    • AI Runner
    • FAQ
    • Application Data
    • SSL Validation
    • Password Recovery
    • Introduction to Inso CLI
    • Install Inso CLI
    • CLI Command Reference
      • inso run test
      • inso run collection
      • inso lint spec
      • inso export spec
      • inso script
      • Using Custom Linting with Inso CLI
    • Configuration
    • Inso CLI on Docker
    • Software Bill of Materials
    • Verifying Signatures for Signed Inso CLI Images
    • Verifying Inso CLI Build Provenance
      • Verifying Build Provenance for Signed Inso CLI Images
      • Verifying Build Provenance for Signed Inso CLI Binaries
    • Continuous Integration
    • Insomnia Pre-request Script Overview
    • Insomnia After-Response Script Overview
    • Secret Environment Variables
    • External Vault Integration (Enterprise feature)
    • Insomnia API Mocking Overview
    • Enterprise Login Report

External Vault Integration (Enterprise feature)

For users already using external vault services, Insomnia now supports integration with the following vault service providers:

  • AWS Secrets Manager
  • GCP Secret Manager
  • HashiCorp Vault
  • Azure Key Vault

By integration with external vaults, Insomnia will retrieve the secret values from the external vault automatically when sending requests.

AWS Secrets Manager

AWS Secrets Manager is a service that securely stores, manages, and retrieves sensitive data.

Once integrated with AWS Secrets Manager in Insomnia, you can link environment variables to secrets stored in AWS Secrets Manager and automatically retrieve them when sending requests.

  1. Navigate to the Preferences page and select the Cloud Credentials tab. Click Add Credentials, choose AWS.
    • For temporary security credentials, choose Temporary Credential and enter your credentials. Temp Credential
    • For file credential generated by CLI, choose Credential File and enter your credential file path and credential section name. Credential file
    • For SSO credential generated by AWS CLI, choose SSO Credential and enter your config file path, profile name and credential file path SSO Credential

      Note: Enable Credential Cache will cache the file content in memory. If your file credential or SSO credential are expected to change, uncheck this option to ensure the latest file content is always loaded.

  2. Open the AWS Secrets Manager from the context menu. Context
  3. Fill the information needed for retrieving the secrets, like secret name, secret version and secret type

GCP Secret Manager

GCP Secret Manager is a service that securely stores, manages, and retrieves sensitive data.

Once integrated with GCP Secret Manager in Insomnia, you can link environment variables to secrets stored in GCP Secret Manager and automatically retrieve them when sending requests.

  1. Navigate to the Preferences page and select the Cloud Credentials tab. Click Add Credentials, choose GCP, and select your local service account key file to authenticate with GCP. Input GCP
  2. Open the GCP Secrets Manager from the context menu. Context
  3. Fill the information needed for retrieving the secrets, like secret name and secret version.

HashiCorp Vault

HashiCorp Vault is a service that securely stores, manages, and retrieves sensitive data.

Once integrated with HashiCorp Vault in Insomnia, you can link environment variables to secrets stored in HashiCorp Vault and automatically retrieve them when sending requests.

  1. Navigate to the Preferences page and select the Cloud Credentials tab. Click Add Credentials, choose HashiCorp, and enter your credentials.
  2. For HashiCorp vault server environment choose On-Premises. You can input either AppRole or Token for authentication. HashiCorp Config

  3. For HashiCorp cloud vault environment choose Cloud. You should input the service principal Client Id and Client Secret. HashiCorp Config Cloud
  4. Open the HashiCorp Vault from the context menu. Context
  5. When filling the information needed, we will show different config form based on the HashiCorp environment.

    For cloud environment, filling the information needed: input Organization Id, Project Id, App Name, Version and Secret Name.

    For vault server environment, Insomnia supports retrieving secrets from KV secret engine for version v1 & v2, so users must choose the secret engine version then filling the information.

Azure Key Vault

Azure Key Vault is a service that securely stores, manages, and retrieves sensitive data.

Once integrated with Azure Key Vault in Insomnia, you can link environment variables to secrets stored in Azure Key Vault and automatically retrieve them when sending requests.

  1. Navigate to the Preferences page and select the Cloud Credentials tab. Click Add Credentials, choose Azure.
  2. You will be redirected to your browser to authorize Insomnia to access your Azure account. After authorization, you will be redirected back to Insomnia, where a new credential will be added. The credential’s name will be your Azure account username.
  3. Open the Azure Key Vault from the context menu. Context
  4. Fill the information needed for retrieving the secrets, like Secret Identifier.

External Vault Secrets Cache Mechanism

By default, all secrets retrieved from cloud vault services are stored in memory for 30 minutes. Insomnia will automatically fetch the secret again if the cache expires or does not exist. Users can configure the cache duration and manually reset the cache in the Cloud Credentials tab within the Preferences page.

External Vault Integration In Inso CLI

Inso CLI allows you to use Insomnia application functionality in your terminal and CI/CD environments for automation.

If you want to run collection command with external vault integration in CI/CD pipelines, you need to expose extra environment variables for authentication purpose.

Here’s the list of environment variables needed for different cloud service providers:

AWS

  • Temporary security credentials
INSOMNIA_AWS_TYPE = 'temporary'
INSOMNIA_AWS_ACCESSKEYID = <Access Key ID >
INSOMNIA_AWS_SECRETACCESSKEY = <Secret Access Key>
INSOMNIA_AWS_SESSIONTOKEN = <Session Token>
INSOMNIA_AWS_REGION = <AWS Resource Region>
  • Credential File
INSOMNIA_AWS_TYPE = 'file'
INSOMNIA_AWS_SECTION = <Section Name In AWS Credential File>
INSOMNIA_AWS_FILEPATH = <AWS Credential File Path> (Optional)
INSOMNIA_AWS_ENABLECACHE = <Option To Enable File Cache> (Optional)
INSOMNIA_AWS_REGION = <AWS Resource Region>
  • SSO Credential
INSOMNIA_AWS_TYPE = 'sso'
INSOMNIA_AWS_SECTION = <Profile Name In AWS Config File>
INSOMNIA_AWS_CONFIGFILEPATH = <AWS Config File Path> (Optional)
INSOMNIA_AWS_FILEPATH = <AWS Credential File Path> (Optional)
INSOMNIA_AWS_ENABLECACHE = <Option To Enable File Cache> (Optional)
INSOMNIA_AWS_REGION = <AWS Resource Region>

GCP

INSOMNIA_GCP_SERVICEACCOUNTKEYFILEPATH = <GCP Service Account Key File Path>

HashiCorp

  • Hashicorp Cloud Platform
INSOMNIA_HASHICORP_TYPE = 'cloud'
INSOMNIA_HASHICORP_CLIENT_ID = <HCP Service Principal Client Id>
INSOMNIA_HASHICORP_CLIENT_SECRET = <HCP Service Principal Client Secret>
  • HashiCorp Vault Server
    • App Role

      INSOMNIA_HASHICORP_TYPE = 'onPrem'
      INSOMNIA_HASHICORP_AUTHMETHOD = 'appRole'
      INSOMNIA_HASHICORP_SERVERADDRESS = <Hashicorp Vault Server Address>
      INSOMNIA_HASHICORP_ROLE_ID = <Hashicorp Vault Server App Role ID>
      INSOMNIA_HASHICORP_SECRET_ID = <Hashicorp Vault Server App Role Secret ID>
      
    • Token

      INSOMNIA_HASHICORP_TYPE = 'onPrem'
      INSOMNIA_HASHICORP_AUTHMETHOD = 'token'
      INSOMNIA_HASHICORP_SERVERADDRESS = <Hashicorp Vault Server Address>
      INSOMNIA_HASHICORP_ACCESS_TOKEN = <Hashicorp Vault Server Access Token>
      
Edit this page
Report an issue
    COMPANY
  • Insomnia
  • Blog
  • Changelog
  • Pricing
  • Careers
    PRODUCTS
  • Insomnia
  • Inso (CLI)
    RESOURCES
  • Sign In
  • Documentation
  • Support
    LEGAL
  • Privacy Policy
  • Terms & Conditions
© Kong Inc. 2021