# Environment Provider

Use Environment variables to hold secrets and use them in Kafka Connect.

{% hint style="danger" %}
Secrets will only be reloaded if the Connector restarts.
{% endhint %}

## Configuration

Example Worker Properties:

{% code title="worker.props" %}

```properties
config.providers=env
config.providers.env.class=io.lenses.connect.secrets.providers.ENVSecretProvider
config.providers.env.param.file.dir=my-secret-dir
```

{% endcode %}

## Usage  <a href="#usage" id="usage"></a>

To use this provider in a connector, reference the ENVSecretProvider environment variable providing the value of the connector property.

The indirect reference is in the form **${provider::key}** where:

* **provider** is the name of the provider in the worker property file set above
* **key** is the name of the environment variable holding the secret.

For example, if we store two secrets as environment variables:

* MY\_ENV\_VAR\_USERNAME with the value lenses and
* MY\_ENV\_VAR\_PASSWORD with the value my-secret-password

we would set:

{% code title="connector.props" %}

```properties
name=my-sink
class=my-class
topics=mytopic
username=${env::MY_ENV_VAR_USERNAME}
password=${env::MY_ENV_VAR_PASSWORD}
```

{% endcode %}

This would resolve at runtime to:

```properties
name=my-sink
class=my-class
topics=mytopic
username=lenses
password=my-secret-password
```

## Data encoding  <a href="#data-encoding" id="data-encoding"></a>

This provider inspects the value of the environment to determine how to process the value. The value can optionally provide value metadata to support base64 decoding and writing values to files.

To provide metadata the following patterns are expected:

where value is the actual payload and metadata can be one of the following:

* ENV-base64 - the provider will attempt to base64 decode the value string
* ENV-mounted-base64 - the provider will attempt to base64 decode the value string and write to a file
* ENV-mounted - the provider will write the value to a file

if no metadata is found the value of the environment variable is returned.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.lenses.io/latest/connectors/secret-providers/environment.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.