Hidden configurations


The Hidden Configurations are configuration data that is not transferred to the client and stays on the server. Therefore, these are “hidden” from the user, but are readable on the server itself in plain text. Even in the manager, this information is readable in plain text.

This does not create a secure environment for itself. However, this can create a secure environment in which the web server must be configured so that the user does not gain access to the manager.


If a Error Log is passed to the developers in the support, the content of the hidden configuration is not included and thus remain hidden from the developers.

If and in what form widgets and plugins require information from the hidden configuration is described in their respective documentation.


The hidden configurations are stored in the file config/hidden.php. This file can be edited via a normal text editor as well as via the Manager.

The content consists of several entries containing a name with several key and value pairs. In the file itself, this information is stored as a PHP array:

// File for configurations that shouldn't be shared with the user
$data = '{
  "fritzbox": {
    "uri": "",
    "user": "CometVisuTestUser",
    "pass": "secret"
  "influx": {
    "uri": "",
    "user": "docker",
    "pass": "secret",
    "selfsigned": "true"
$hidden = json_decode($data, true);


Conveniently, the content of the hidden configuration can be edited via the Manager.


Known Name Entries

Even if the choice for the name is basically free, there are usual entries for it, which are recommended to be used. Thus, some widgets or plug-ins without an explicit configuration can look in the usual name for entries, which can reduce the configuration effort.





The tr064 Plugin


The diagram plugin