# Exec Command ## `exec` command To perform magic environment variable substitution, use the **`ksm exec`** command. **Parameters:** System call or script to run with replaced environment variables format: **`ksm exec -- `** #### Example Linux bash script {% code title="my\_script.sh" %} ```bash #!/bin/bash # Bash script that pulls Keeper secrets connect_db() { echo "Database Password:" $DB_PASSWORD } call_stripe() { echo "API Key:" $API_KEY } connect_db call_stripe ``` {% endcode %} Set a couple environment variables then execute the script: ```bash $ export DB_PASSWORD="keeper://XXX/field/password" $ export API_KEY="keeper://XXX/custom_field/API Key" $ ksm exec -- ./my_script.sh Database Password: ksv33110sbnb7W@b3VGCHb API Key: sk_test_MY2A30Ofg6Ukkq2NjMQVo87c ``` #### Example Windows batch file ``` C:\> ksm exec -- my_script.bat ``` #### Example PowerShell script ``` PS C:\> ksm exec -- powershell my_script.ps1 ``` ## Environment Variable Replacement Environment variables must be templated so that the CLI can find and replace them correctly. For example: ```bash export DB_PASSWORD="keeper://XXX/field/password" export API_KEY="keeper://XXX/custom_field/API Key" ``` {% hint style="info" %} See the [Keeper Notation documentation](/en/keeperpam/secrets-manager/about/keeper-notation.md) for more information on notation query format and capabilities {% endhint %} ## Example Shell Script Below is a Linux bash script example. Before an application is started or a command is run, any environment variables that start with **`keeper://`** will be replaced with secret values from the vault. Make sure to replace XXXX with the Record UID of the secret. ``` export MY_PASSWORD=keeper://XXXX/field/password export MY_OTHER_PASSWORD=keeper://XXXX/field/password[0] export MY_LAST_NAME=keeper://XXXX/custom_field/Name 2[last] export MY_SECOND_PHONE=keeper://XXXX/custom_field/phone[1][number] ``` Here's a simple bash script that prints the secrets to the console: ``` #!/usr/bin/env bash echo echo "My Password = \${MY_PASSWORD}" echo "Other Password = \${MY_OTHER_PASSWORD}" echo "My Last Name = \${MY_LAST_NAME}" echo "My Second Phone = \${MY_SECOND_PHONE}" ``` And here's the output from executing the bash script with **`ksm exec`** ``` $ ksm exec -- ./my_script.sh My Password = $71387feh24fE%4416ffFHA Other Password = YYFash328f^F^@#Fsdfjhsgblqef'f; My Last Name = Smith My Second Phone = 123-456-7890 ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.keeper.io/en/keeperpam/secrets-manager/secrets-manager-command-line-interface/exec-command.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.