Hidden configurations

Background

The Hidden Configurations are configuration data that is not transferred to the client and stays on the server. Therefore, these are “hidden” from the user, but are readable on the server itself in plain text. Even in the manager, this information is readable in plain text.

This does not create a secure environment for itself. However, this can create a secure environment in which the web server must be configured so that the user does not gain access to the manager.

Important

If a Error Log is passed to the developers in the support, the content of the hidden configuration is not included and thus remain hidden from the developers.

If and in what form widgets and plugins require information from the hidden configuration is described in their respective documentation.

Construction

The hidden configurations are stored in the file config/hidden.php. This file can be edited via a normal text editor as well as via the Manager.

The content consists of several entries containing a name with several key and value pairs. In the file itself, this information is stored as a PHP array:

<?php
// File for configurations that shouldn't be shared with the user
$data = '{
  "fritzbox": {
    "uri": "https://192.168.0.1:49443/",
    "user": "CometVisuTestUser",
    "pass": "secret"
  },
  "influx": {
    "uri": "https://172.17.0.1/proxy/ts/query",
    "user": "docker",
    "pass": "secret",
    "selfsigned": "true"
  }
}';
$hidden = json_decode($data, true);

Manager

Conveniently, the content of the hidden configuration can be edited via the Manager.

../_images/hidden_config.png

Known Name Entries

Even if the choice for the name is basically free, there are usual entries for it, which are recommended to be used. Thus, some widgets or plug-ins without an explicit configuration can look in the usual name for entries, which can reduce the configuration effort.

Name

Usage

Default

fritzbox

The tr064 Plugin

influx

The diagram plugin

X