Credential management


I doesn't understand how the credential works in node-red.
I read about the flow.cred.son, the setting file to choose the hash key and so on.
But i didn't find an simple explanation to store a credential and use it in a flow. Someone can help?

What i want :

  • save some credential
  • retrieve one and use it in the flow

I aware that i can use some crypto and store the value in a separate file but if node-red have a build-in functionnality, i prefered use it.

I seek for someting clear but the forum is flood by exporting flow issue and i couldn't find something in the doc or in the cookbook.


Credentials are specific to a node.

When the node is written you flag which of it's properties should be considered credentials and these are then encrypted with the key mentioned and stored in the separate file. They can be retrieved by the js portion of the node when it is initialised and used as needed.

It sounds like you want to store arbitrary values as credentials and use them in your flow (e.g. pass them into a later http-request node)?

This is not something supported by the built in credentials system.

Just to be clear, this happens when the author of the custom node designs and builds it. It isn't something user selectable.

If I remember rightly, there is a custom node that lets you pass something out to and retreive something as a credential.

If you want to make use of credentials in your flow (for example in a Function node) then you can use this node: node-red-contrib-credentials (node) - Node-RED

It lets you store values in the flow credentials flow and retrieve them to use in your flow.

You have actually reminded me that I spoke to its author ages ago about pulling it into the core as its a genuinely useful thing to have. We should follow up on that.


Maybe it would be worth considering adding a feature to make it another standard type as with global/flow/context variables?

1 Like

That would make a lot of sense from an end-user perspective. The implementation is harder though given how credentials are managed. Nodes have to declare to the runtime what properties are credentials. The contrib-credentials node declares a single property which it stores all of its credentials under and the runtime doesn't need to know about the individual values.

To allow any TypedInput to have a credential type would mean any node could have an indeterminate number of credentials - which makes them harder to manage. But that's a problem for me to solve in the core.

1 Like

We like to keep life interesting for you :grinning:

Maybe a quick win to adopt the current node with the further integration later?


Thx for all the replies.

@knolleary I know the contrib-credential but it have a issue wich is the hiden password field is not hiden. That means you can not let someone see the flow on the device if you don't want give him the password.

So, go with contrib-crypto-js and make another file to handle the credentials seems to me a good alternative. Do you agree with that?

I don't quite understand what you mean.

As far as I know, the node stores credentials in the credentials file, which should be encrypted. Can you expand on what the issue is?

@knolleary When you use the contrib-credential, in the node editor, if you set the value to be hiden it doen't hide it.

I think again about my use case and i think i will go with the contrib-credential and put it inside a subflow. It will be great to have the possibility to put a msg properti in the env variable of the subflow, it is in your plan?

Have you ever think to hide a property in the debug tab that come out of a specific node for some user ? Like a specific node which contain a property to put a user and if this user is not the current user the user property couldn't be change and the message wouldn't be treated by the debug node.

@knolleary Nick, Just took a look at the issues for the node and it seems this cropped up about NR v1.02
(see Hidden field not hidden) ad a fix was created and offered for merging in May of 2020 but has not been applied.

@Ostro You should add your voice to the issue on GitHub: Hidden field not hidden

No, That is not going to happen. Subflow Properties are evaluated when the flow starts - they cannot dynamically changed.

No - nothing like that has been discussed.

Okay - I'll put this topic on the backlog for 2.1.0. Whether we introduce an equivalent node into the core, or find another way to integrate credential values, I don't know. But we can give it some proper thought.


This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.