# Encrypted Variables Encrypted variables can be used within streams or preferences to dynamically replace a key with its encrypted value. Unencrypted alternatives to these variables are [Store Variables](/helmut4-releases/helmut4-components/streamdesigner/stream-variable-store.md) or [Temporary Variables](/helmut4-releases/helmut4-components/streamdesigner/nodes/actions/misc-21/stream-set-temporary-variable-action.md). Variables can be applied to any node input where sensitive strings—such as tokens or authentication credentials—are required, ensuring that the actual value is never exposed in an unencrypted state.

Encrypted Variables

To retrieve the still-encrypted value of a key, the wildcard [{helmut.encrypted.variable.?}](/helmut4-releases/helmut4-components/streamdesigner/wildcards/variable-related-wildcards-3/helmut-encrypted-variable.md) must be used. When this wildcard is used, the value will not be displayed in plain text, making it impossible to extract the actual secret.

Actual set value is ABCD .. XYZ

{% hint style="danger" %} Right now only the Vidicore nodes are able to encrypt the variable directly In order to obtain the actual value, the variable needs to be processed via the [Preferences API endpoint](http://repo.moovit24.de:8889/?urls.primaryName=Helmut4%20-%20Preferences#/Preferences/doDecrypt). {% endhint %} ### Set Encryption Key in Stack Within your stack, you need to add a new parameter for the preferences container. Simply extend the existing environment configuration with: ```yaml --encryption.key='mySecret' ``` {% hint style="warning" %} Keep in mind that if you share a stream, or perform a backup and restore on another system, the value may not be resolvable if the encryption keys differ. {% endhint %} 
preferences:
    image: repo.moovit24.de:443/mcc_preferences:4.10.3.0
    # removed entrypoint, volume, network and co for better visability
    environment:
      parameters: 
        --spring.data.mongodb.host=mongodb
        --spring.rabbitmq.host=rabbitmq
        --mcc.fx.url=http://fx:8100/v1/fx
        --mcc.co.url=http://co:8101/v1/co
        --mcc.io.url=http://io:8102/v1/io
        --mcc.hk.url=http://hk:8103/v1/hk
        --mcc.users.url=http://users:8000/v1/members
        --mcc.stream.url=http://streams:8001/v1/streams
        --mcc.preference.url=http://preferences:8002/v1/preferences
        --mcc.metadata.url=http://metadata:8003/v1/metadata
        --mcc.logging.url=http://logging:8004/v1/logging/helmut
        --mcc.amqp.url=http://amqp:8005/v1/amqp/send
        --mcc.license.url=http://license:8006/v1/license
        --mcc.language.url=http://language:8007/v1/language
        --mcc.cronjob.url=http://cronjob:8008/v1/cronjob
        --encryption.key='mySuperSecretKey1234'
\ **Example** If the bearer token of a third-party application is needed for HTTP communication, an encrypted variable can be used. The actual token value will remain hidden in both the debugger and the node configuration, while execution will still correctly resolve and use the value. [^1]: Set your key, which will be used for hashing the value --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.helmut.de/helmut4-releases/helmut4-components/helmutfx/preferences/encrypted-variables.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.