When using Jenkins/Newman/Postman how do you protect the client_id/client_secret credentials?


We use Jenkins/Newman/Postman for CI/CD. How do we hide the client credentials and not hard-code them in the Postman requests? For us, it doesn't work to just use the "Current Value" values. We also have to put them in the "Initial Values" variable.

This must be a vulnerability and bad practice.


Solution

  • You can use this flag in the command to inject values in at runtime. This resolves the equivalent {{var_name}} that you have in the Collection.

    This can take values stored as system environment variables on your machine or in Jenkins, referenced using the specific syntax of that system.

    --env-var "<key>=<value>" Allows the specification of environment variables via the command line, in a key=value format. Multiple CLI environment variables can be added by using --env-var multiple times, like so: --env-var "foo=bar" --env-var "alpha=beta".
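
One way to apply the --env-var approach above in a Jenkins job, as an added example (not code from the original post or from Newman): a pre-flight wrapper that fails the build if an exported Postman file still stores a value for client_id/client_secret, then passes both from the build environment. The variable names, the upper-case environment names CLIENT_ID/CLIENT_SECRET and the script name are assumptions.

```python
import json
import os
import subprocess
import sys

# Assumed variable names; match them to the {{...}} names used in your collection.
SECRET_KEYS = ("client_id", "client_secret")


def hardcoded_secrets(export: dict) -> list:
    """Names of secret variables that carry a non-empty value in a Postman export.

    Environment exports list variables under "values", collection exports
    under "variable"; a non-empty value is a credential stored in the file.
    """
    entries = (export.get("values") or []) + (export.get("variable") or [])
    return sorted(e["key"] for e in entries
                  if e.get("key") in SECRET_KEYS and str(e.get("value") or "").strip())


def newman_command(collection: str, environ: dict, env_file: str = None) -> list:
    """Build the newman argv, taking each secret from the build environment."""
    cmd = ["newman", "run", collection]
    if env_file:
        cmd += ["-e", env_file]
    for key in SECRET_KEYS:
        value = environ.get(key.upper())  # assumed names: CLIENT_ID, CLIENT_SECRET
        if not value:
            raise KeyError(f"{key.upper()} is not set in the build environment")
        cmd += ["--env-var", f"{key}={value}"]
    return cmd


def main(collection: str, env_file: str = None) -> int:
    for path in filter(None, (collection, env_file)):
        with open(path, encoding="utf-8") as fh:
            leaked = hardcoded_secrets(json.load(fh))
        if leaked:  # report names only, never the values
            print(f"{path}: value stored for {', '.join(leaked)}", file=sys.stderr)
            return 1
    # argv list, no shell: the secret is never interpolated into a shell string
    return subprocess.run(newman_command(collection, os.environ, env_file)).returncode


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: run_newman.py COLLECTION.json [ENVIRONMENT.json]")
    sys.exit(main(*sys.argv[1:3]))
```

In Jenkins, bind the stored credentials to those environment variables (for example with the Credentials Binding plugin) so they are masked in the console log. Values passed with --env-var are still visible in the process list on the build agent while Newman runs.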