Hi.
Request
Provide a node similar to credential node in the core node set. Another option could be to have a tic in the change/inject node to identify a string as a credential.
Background
I thought to be safe because all my tokens, bearer, passwords are stored in permanent global variables. So there is no risk to use projects and publish flows to github.
Recently I had to change my AWS root key several times - using inject node to update the global variable. And I did commit and push
After a short time I got an email from githhub, then multiple email and calls from Amazon - my AWS root key was exposed on the internet.
Point of view
NodeRED is in the core of internet and IoT - a lot of REST API and bearers/tokens/credentials.
Furthermore, security is extremely important. A credential node in the core package is very useful and would make all users more aware of the importance of security.