Can you use catalina.properties? From the docs [1] " All system properties are available including those set using the -D syntax, those automatically made available by the JVM and those configured in the $CATALINA_BASE/conf/catalina.properties file."
[1] https://tomcat.apache.org/tomcat-7.0-doc/config/index.html -----Original Message----- From: Algirdas Veitas [mailto:apvei...@gmail.com] Sent: Monday, January 22, 2018 4:02 PM To: users@tomcat.apache.org Subject: Using Environment variables instead of Java -D properties for context.xml substitution Hi, We have a context.xml under $TOMCAT_HOME/conf that looks like this: <Resource name="jdbc/theDB" auth="Container" type="javax.sql.DataSource" username="${DB_USERNAME}" password="${DB_PASSWORD}" driverClassName="oracle.jdbc.OracleDriver" validationQuery="select 1 from dual" testOnBorrow="true" url="${DB_URL}" /> if we do something like this in setenv.sh, the substitution works great export DB_USERNAME=xyz export DB_PASSWORD=vvv export JAVA_OPTS="$JAVA_OPTS -DDB_USERNAME=$DB_USERNAME" export JAVA_OPTS="$JAVA_OPTS -DDB_PASSWORD=$DB_PASSWORD" However, if on a linux box, if someone did a "ps -ef | grep java", they would be able to see the actual values of these parameters. theuser 127734 1 0 Jan19 ? 00:04:39 /opt/java/bin/java -Djava.util.logging.config.file=/opt/mis/apps/jaspersoft/tomcat/apache-tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -DDB_USERNAME=xyz -DDB_PASSWORD=vvv Which our operations team does not want.... Is there any syntax that Tomcat can recognize to substitute true environment variables (i.e. export DB_USERNAME=xyz) as opposed to Java properties injected into the JVM by -D (i.e. export DB_USERNAME=$DB_USERNAME) ? Haven't been able to find any documentation on it, but thought would ask. Thanks in advance, Al