Hello!

I currently use Nginx as a reverse proxy for my backend services.

Nginx authenticates itself to the backend services using a Token that is generated by a process every 10 minutes and that process is writing the token in the config file and reloading nginx regularly:

location / {
proxy_set_header Authorization "PLAIN TEXT TOKEN WRITTEN BY PROCESS";
proxy_pass https://backend;
}

I would like to avoid having a token in plain text. Is there a way to avoid that?
I though of the following options:
- Use env var: But that is impossible nginx doesn't support it
- Query the token by having the process establish a local server. Could work but how can the process return the result as a variable to nginx?
- Pass the config in memory instead of writing it to a file. Could be a simple option but I didn't find a way to do that.

Do you have any idea how I can achieve that?

Thank you!
Hugues