Storing sensitive details in a file as plain text is risky. Where a file needs such values, your best option is to keep variables in the file and supply their values from the console when the file is used. Whether you are writing an automation script or another file such as YAML, the envsubst command replaces the variables easily. This article shows how to go about that.
How Does the Envsubst Work?
The envsubst command does the work of replacing the variables. It searches its input for variable references, and when it finds one that matches a set variable, it replaces the reference with the variable's value. If a reference has no corresponding variable, envsubst replaces it with an empty string.
Its basic syntax is as follows:
$ envsubst [option] [shell-format]
Replacing Variables in a File
Suppose you have a simple text file with variables that only need to be set when the file is used. The envsubst command handles that job well.
Let’s create a sample.txt file that references two variables, USERNAME and PASSWORD.
To use envsubst, we first need to export the values for the two variables:
$ export USERNAME="kaila"
$ export PASSWORD="pasWord"
With the variables exported, you can now invoke the envsubst command:
$ envsubst < sample.txt
Our output for this case will be:
You’ve successfully used envsubst to replace the variable values in a file.
You can also unset a variable by typing unset followed by the variable name. If you run envsubst again, it displays the file without the previously set values. Take a look at the following:
If you don’t want envsubst to print its output straight to the terminal, you can pipe it to the less command.
$ envsubst < sample.txt | less
Piping Envsubst Substitution to Another File
You may also need to pipe the output into another file instead of displaying it on the console. For instance, let’s create a configuration file that you can post on your site or run with a bot. In this case, you can’t add confidential details as plaintext. The solution is to use envsubst.
Create a sampleconfig.conf file and add the text like in the following image:
USER_PASSWORD=
$ nano sampleconfig.conf
Our file looks like this:
Let’s export our variables.
To use envsubst while redirecting the output to a new file, the command is as follows:
$ envsubst < sampleconfig.conf > output1.txt
If we cat the contents of output1.txt, we see that the command has replaced the variables.
Specifying the Variables to Replace
So far, we’ve seen how to replace every variable in the file, that is, every name prefixed with a dollar sign. When two or more variables are set and exported, you can also choose to replace only specific ones.
Let’s create a similar file as we had earlier and add two more variables to it.
Proceed to export the variables.
To specify which variable to replace, pass its name to envsubst and enclose it in single quotes so that the shell does not substitute it before the call is made.
In our case, we replace only USER1.
$ envsubst '$USER1' < sampleconfig.conf
You can also replace two variables as shown in the following:
$ envsubst '$USER1, $USERNAME' < sampleconfig.conf
You only need to separate the variables with a comma and enclose the two variables in single quotes.
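The points above combined into one helper, as an added example that is not part of the original article: it substitutes only the variables you name, refuses to render when one of them is missing (envsubst would silently write an empty string), and creates the output file readable by its owner only, because that file holds the values in plain text. The function name render_secret_template is hypothetical, and the example assumes envsubst and printenv are installed.

```shell
#!/bin/sh
# Added example, not from the original article.
# render_secret_template is a hypothetical helper name.
#
# Usage: render_secret_template TEMPLATE OUTPUT VAR [VAR...]
#   export USERNAME="kaila" PASSWORD="pasWord"
#   render_secret_template sampleconfig.conf output1.txt USERNAME PASSWORD

# The body is wrapped in ( ) so it runs in a subshell: the umask change and
# the helper variables never leak into the calling shell.
render_secret_template() (
    [ "$#" -ge 3 ] || { echo "usage: TEMPLATE OUTPUT VAR [VAR...]" >&2; exit 2; }
    template=$1
    output=$2
    shift 2

    format=''
    for name in "$@"; do
        # Only plain variable names may go into the SHELL-FORMAT argument.
        case $name in
            ''|[0-9]*|*[!A-Za-z0-9_]*)
                echo "invalid variable name: $name" >&2; exit 2 ;;
        esac
        # envsubst only sees exported variables, and it writes an empty
        # string for a missing one, so check the environment first.
        if [ -z "$(printenv "$name")" ]; then
            echo "refusing to render: $name is unset, empty or not exported" >&2
            exit 1
        fi
        format="$format \${$name}"
    done

    # The rendered file holds the secret values in plain text:
    # create it fresh, readable and writable by the owner only.
    umask 077
    rm -f -- "$output"
    envsubst "$format" < "$template" > "$output"
)
```

Any reference in the template that is not named on the command line is left untouched in the output.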
Conclusion
The envsubst Linux command is a great tool for replacing variables in files. It’s helpful when you need to mask confidential information such as passwords and only substitute the values when needed. The good thing about envsubst is that you can use it with different file types, redirect its output to another file, or even use its output as the input for another command.
We’ve covered the envsubst command in this guide, and the examples help you visualize and understand its usage with ease.