Core node to store credentials


Provide a node similar to credential node in the core node set. Another option could be to have a tic in the change/inject node to identify a string as a credential.

I thought to be safe because all my tokens, bearer, passwords are stored in permanent global variables. So there is no risk to use projects and publish flows to github.

Recently I had to change my AWS root key several times - using inject node to update the global variable. And I did commit and push :frowning:

After a short time I got an email from githhub, then multiple email and calls from Amazon - my AWS root key was exposed on the internet.

Point of view
NodeRED is in the core of internet and IoT - a lot of REST API and bearers/tokens/credentials.

Furthermore, security is extremely important. A credential node in the core package is very useful and would make all users more aware of the importance of security.


Why do we need it in the core node-set? It's easy enough to add it from the library if users want to use it.

We have already spoken to the maintainer of the credentials node about incorporating its functionality in the core. It will happen. Just needs time and bandwidth along with everything else.


@Paul: because its sensitive - similiar arguments as in

@knolleary: good decision :slight_smile: Thanks

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.