# encrypt {% hint style="info" %} This article assumes knowledge of [variables](https://olddocs.exivity.io/data-pipelines/extract/language/var). {% endhint %} The `encrypt` statement is used to conceal the value of a variable, such that it does not appear in plain text in a USE script. ## Syntax **`encrypt var`***`name = value_to_be_encrypted`* ## Details {% hint style="warning" %} The `encrypt` statement differs from other statements in that it takes effect before the execution of a USE script begins. In this regard, it is effectively a directive to the internal script pre-processor which prepares a script for execution. {% endhint %} {% hint style="danger" %} **Comments, quotes and escapes in the value to be encrypted are treated as literal text up until the end of the line.** White-space following the value to be encrypted will therefore be included in the encrypted result. White-space preceding the value to be encrypted will be ignored and will **not** be included in the encrypted result. {% endhint %} ### Encrypting one or more variables Any variable prefixed with the word *encrypt* will be encrypted by the pre-processor and the script file itself will be modified as follows: * All text (including trailing white-space) from the word following the `=` character up to the end of the line is encrypted * The encrypted value is base64 encoded * The original variable value in the USE script is substituted with the result * The `encrypt` keyword for that variable is changed to `encrypted` * The USE script is overwritten on disk in this new form This process is repeated for all variables preceded by the `encrypt` keyword. {% hint style="info" %} As a side effect of the encryption process, it is not currently possible to encrypt a value that begins with a space or a tab. This functionality will be implemented in due course. {% endhint %} ### Using encrypted variables Once encrypted a variable can be used just as any other, the only requirement being that the `encrypted` keyword preceding its declaration is not removed or modified. To change the value of an encrypted variable simply replace the declaration altogether and precede the new declaration with `encrypt`. Upon first execution, the USE script will be updated with an encrypted version of the variable as described above. {% hint style="danger" %} **Encrypted values can only be used on the system that they were created on. If an encrypted value is moved or copied to a different installation of Exivity then any attempt to reference or decrypt it will result in something other than the original value.** {% endhint %} ## Example Firstly, create the script as usual, with `encrypt` preceding any variables that are to be encrypted: ``` # ---- Start Config ---- encrypt var username = admin encrypt var password = topsecret var server = "http://localhost" var port = 8080 var api_method = getdetails # ---- End Config ---- set http_authtype basic set http_username ${username} set http_password ${password} buffer {response} = http GET ${server}:${port}/rest/v2/${api_method} ``` Secondly, run the script. Prior to execution, the script will be automatically modified as shown below: ``` # ---- Start Config ---- encrypted var username = AGF5dU0KJaB+NyHWu2lkhw== encrypted var password = b0Sa29tyL+M8wix/+JokjMCdeMwiY9n5 var server = "http://localhost" var port = 8080 var api_method = getdetails # ---- End Config ---- set http_authtype basic set http_username ${username} set http_password ${password} buffer {response} = http GET ${server}:${port}/rest/v2/${api_method} ```