encrypt

This article assumes knowledge of variables.

The encrypt statement is used to conceal the value of a variable, such that it does not appear in plain text in a USE script.

Syntax

encrypt varname = value_to_be_encrypted

Details

The encrypt statement differs from other statements in that it takes effect before execution of a USE script begins. In this regard is is effectively a directive to the internal script pre-processor which prepares a script for execution.

Comments, quotes and escapes in the value to be encrypted are treated as literal text up until the end of the line.

White-space following the value to be encrypted will therefore be included in the encrypted result.

White-space preceding the value to be encrypted will be ignored and will not be included in the encrypted result.

Encrypting one or more variables

Any variable prefixed with the word encrypt will be encrypted by the pre-processor and the script file itself will be modified as follows:

  • All text (including trailing white-space) from the word following the = character up to the end of the line is encrypted

  • The encrypted value is base64 encoded

  • The original variable value in the USE script is substituted with the result

  • The encrypt keyword for that variable is changed to encrypted

  • The USE script is overwritten on disk in this new form

This process is repeated for all variables preceded by the encrypt keyword.

As a side effect of the encryption process, it is not currently possible to encrypt a value that begins with a space or a tab. This functionality will be implemented in due course.

Using encrypted variables

Once encrypted a variable can be used just as any other, the only requirement being that the encrypted keyword preceding its declaration is not removed or modified.

To change the value of an encrypted variable simply replace the declaration altogether and precede the new declaration with encrypt. Upon first execution, the USE script will be updated with an encrypted version of the variable as described above.

Encrypted values can only be used on the system that they were created on. If an encrypted value is moved or copied to a different installation of Exivity then any attempt to reference or decrypt it will result in something other than the original value.

Example

Firstly, create the script as usual, with encrypt preceding any variables that are to be encrypted:

# ---- Start Config ----
encrypt var username = admin
encrypt var password = topsecret
var server = "http://localhost"
var port = 8080
var api_method = getdetails
# ---- End Config ----
set http_authtype basic
set http_username ${username}
set http_password ${password}
buffer {response} = http GET ${server}:${port}/rest/v2/${api_method}

Secondly, run the script. Prior to execution the script will be automatically modified as shown below:

# ---- Start Config ----
encrypted var username = AGF5dU0KJaB+NyHWu2lkhw==
encrypted var password = b0Sa29tyL+M8wix/+JokjMCdeMwiY9n5
var server = "http://localhost"
var port = 8080
var api_method = getdetails
# ---- End Config ----
set http_authtype basic
set http_username ${username}
set http_password ${password}
buffer {response} = http GET ${server}:${port}/rest/v2/${api_method}