Skip to main content
Version: 8.2405.x.x RR

Passwords - syntax

Use the following syntax to avoid plaintext passwords in the web.xml file or for the indicated variables in the navajo.xml file:

${<type>:<parameters>}

<type>: Either "exec" or "env".

<parameters>:

  • Type "env": The <parameters> part is a string with the environment (env)variable to look for. This envvariable is usually configured in the configuration file env.conf.
  • Type "exec": The <parameters> part is the command to execute. The resulting value should be written into the standard output (stdout) by the executing program. For example:
 ${exec: cat /var/opt/nevisproxy/default/mySecret.txt}

Be aware of the following:

  • No newline character is allowed in a password using the exec syntax because the output of the exec command is read up to the first newline (if any). The newline itself and everything after it is ignored.
  • The called exec command should not be a blocking command, or you risk to block the proxy itself.
  • You can use the timeout command to set a limit to the execution of a command. Keep in mind: This only works on systems that support the timeout command. The duration (<DURATION>) is set in seconds. As soon as the execution of the command exceeds the defined duration, the system aborts the execution. The syntax is:
${exec: timeout <DURATION> <COMMAND>}

nevisProxy provides a variable replacement mechanism in its configuration files, so that secret values can be stored separately. This variable replacement mechanism is supported in the web.xml and partly in the navajo.xml. The attributes that support the variable replacement mechanism are labeled accordingly in the attribute's description in this reference guide.