# Exec Command

## `exec` command

To perform magic environment variable substitution, use the **`ksm exec`** command.

**Parameters:**

System call or script to run with replaced environment variables

format: **`ksm exec -- <SYSTEM CALL OR SCRIPT>`**

#### Example Linux bash script

{% code title="my\_script.sh" %}

```bash
#!/bin/bash

# Bash script that pulls Keeper secrets 

connect_db() {
  echo "Database Password:" $DB_PASSWORD
}

call_stripe() {
  echo "API Key:" $API_KEY
}

connect_db
call_stripe
```

{% endcode %}

Set a couple environment variables then execute the script:

```bash
$ export DB_PASSWORD="keeper://XXX/field/password"
$ export API_KEY="keeper://XXX/custom_field/API Key"

$ ksm exec -- ./my_script.sh

Database Password: ksv33110sbnb7W@b3VGCHb
API Key: sk_test_MY2A30Ofg6Ukkq2NjMQVo87c
```

#### Example Windows batch file

```
C:\> ksm exec -- my_script.bat
```

#### Example PowerShell script

```
PS C:\> ksm exec -- powershell my_script.ps1
```

## Environment Variable Replacement

Environment variables must be templated so that the CLI can find and replace them correctly. For example:

```bash
export DB_PASSWORD="keeper://XXX/field/password"
export API_KEY="keeper://XXX/custom_field/API Key"
```

{% hint style="info" %}
See the [Keeper Notation documentation](https://docs.keeper.io/en/keeperpam/secrets-manager/about/keeper-notation) for more information on notation query format and capabilities
{% endhint %}

## Example Shell Script

Below is a Linux bash script example. Before an application is started or a command is run, any environment variables that start with **`keeper://`** will be replaced with secret values from the vault. Make sure to replace XXXX with the Record UID of the secret.

```
export MY_PASSWORD=keeper://XXXX/field/password
export MY_OTHER_PASSWORD=keeper://XXXX/field/password[0]
export MY_LAST_NAME=keeper://XXXX/custom_field/Name 2[last]
export MY_SECOND_PHONE=keeper://XXXX/custom_field/phone[1][number]
```

Here's a simple bash script that prints the secrets to the console:

```
#!/usr/bin/env bash
echo
echo "My Password = \${MY_PASSWORD}"
echo "Other Password = \${MY_OTHER_PASSWORD}"
echo "My Last Name = \${MY_LAST_NAME}"
echo "My Second Phone = \${MY_SECOND_PHONE}"
```

And here's the output from executing the bash script with **`ksm exec`**

```
$ ksm exec -- ./my_script.sh

My Password = $71387feh24fE%4416ffFHA
Other Password = YYFash328f^F^@#Fsdfjhsgblqef'f;
My Last Name = Smith
My Second Phone = 123-456-7890
```