Run Newman (Postman CLI) in TeamCity with Secrets

Postman is a perfect tool to start API testing. And Newman is a way to run your Postman collections on the command line. With Newman you can easily run tests in your own CI tool: TeamCity, Jenkins and so forth.

Despite the fact that Postman and Newman allow to keep variables in different scopes, there is a security case, when you are not allowed to store data (passwords, tokens or any authentication credentials) in plain text.

If you put a token in Postman’s Globals or Environment variables and export variables into a file (for further use by Newman), your token’s value will be in plain text. Everyone with access to these files could see and exploit it.

To eliminate security-related risks you can keep secrets inside CI tools. For example, TeamCity allows to hide the actual value of a variable through Typed Parameters.

The idea looks simple:

  1. Keep secrets in TeamCity;
  2. Run TeamCity build;
  3. Get secrets from environment variable and generate globals.json for Newman as a build step;
  4. Run Newman as a build step.
Run Newman (Postman CLI) in TeamCity with Secrets

Create Scripts

  1. Understand the structure of My_Workspace.postman_globals.json file:

Postman → Environments → Globals → [Export]

As noted above, you can see the token’s value in plain text
postman_globals.json file — as noted above, you can see the token’s value in plain text

This JSON you need to generate.

2. Write a script which generates the same JSON structure, pull the required environment variable and add it to the JSON, create a file.

3. Export Postman Collection (*.postman_collection.json file).

My test collection is based on one handler of OpenWeather API. It requires a token to respond 200 OK.

Test collection
Test collection

4. Write a script which runs Newman as a library.

5. Test your scripts locally before running them in CI.

Local testing
Local testing

To test local accessing the environment variable you need to add token to shell environment:

export TOKEN={your_secret_token}

Create Build

Creating a build configuration in TeamCity is a quite nontrivial process. I will show only the parts related to Newman run.

Add Token

In TeamCity build configuration → Parameters → [Add new parameter]

Add new parameter
Add new parameter

Fill the fields:

Name = env.TOKEN
Kind = Environment variable (env.)
Value = {your_secret_token}
Spec → click [Show raw value] = password display=’hidden’ readOnly=’true’

After [Save] your variable’s value will be hidden.

Environment Variable (env.) and hidden value
Environment Variable (env.) and hidden value

Add Build Steps

On each step I run one script file by Node.js.

2. Generate globals for Newman & 3. Run Newman
Build Steps
Build Steps

When you [Run] build, everything should work.


For the reason that all private data is separate from the code, I can post the example on GitHub without fear of token leaks.




Quality assurance engineer

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

JavaFX Setup With Eclipse on Mac

Let’s Create a 3 tier Architecture

lifetimAryel is back! (2022)

Learn by Building — Motivated Programming

What is phase balancing in OCPP Smart Charging?

Phase balancing with Ampcontrol

Azure User Defined Routing

DynamoDB Library with NodeJS

CS371p Spring 2022: Mar 28-Apr 3

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Andrey Enin

Andrey Enin

Quality assurance engineer

More from Medium

Protractor Tutorial: Handling iFrames & Frames in Selenium

Test Data Management

How does Selenium Page Factory work with Cucumber?

Run your Selenium Script pushed to GIT repository using Jenkins Job