Specifying passwords indirectly

Any JSON parameter or system environment variable used for one-touch Domino setup that takes a password as a value can be specified indirectly through the use of keywords.

About this task

Rather than specify a password value directly in a JSON file or with system environment variables, for improved security, you can substitute the password value with one of the keywords described in the following table.
Table 1. Keywords to use to provide passwords indirectly
Keyword syntax Example Description
@Prompt:<password-prompt> @Prompt:Administrator password Prompt for and verify the password from the console of the Domino server that runs setup.
Optionally, use <password-prompt> to specify text for the prompt. If not specified, the following default text is used for each type of password:
  • CertifierPassword
  • OrgUnitPassword
  • AdminPassword
  • ServerPassword
  • ID Vault password
@Env:<system-env-var-name> @Env:ADMIN_PASSWORD Get the password from a specified system environment variable.
@File:<password-file> @File:adminpass.txt Get the password from an operating system file and then delete the file. The specified file must allow read and write access to the identity running Domino. Specify the full path to the file.
@Secret:<password-secret-file> @Secret:/secrets/adminpass.txt Get the password from a "secrets" file. This option is intended for use with Kubernetes secrets or any similar functionality that exposes data securely in files system files that have limited access. The specified file must allow read access to the identity running Domino.

For more information about secrets files in the context of Domino on Docker, see Creating a secrets file for a password-protected server ID.