Credentials could not be decrypted after restart

How can I remove need to enter credentials after each restart, re-boot or power cycle?

Scenario:
Start - I get credential problem

Configure token for influx V2 , deploy FULL
connection to influxdb works
Restart Flows

  • shows error above BUT influxDB actually still working

Restart Process (pm2 restart node-red) or reboot

  • credential warning as above
  • all credentials lost need to re-enter

I have previously had this working just fine.

My config:

uname -a
Linux e45f013eb289 5.10.92-v8+ #1514 SMP PREEMPT Mon Jan 17 17:39:38 GMT 2022 aarch64 GNU/Linux

cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian

/home/pi/.pm2/logs/node-red-out.log 
Welcome to Node-RED
===================


10 Mar 07:00:56 - [info] Node-RED version: v2.2.2
10 Mar 07:00:56 - [info] Node.js  version: v14.19.0
10 Mar 07:00:56 - [info] Linux 5.10.92-v8+ arm64 LE
10 Mar 07:00:57 - [info] Loading palette nodes
10 Mar 07:00:58 - [info] Settings file  : /home/pi/.node-red/settings.js
10 Mar 07:00:58 - [info] Context store  : 'File' [module=localfilesystem]
10 Mar 07:00:58 - [info] Context store  : 'default' [module=memory]
10 Mar 07:00:58 - [info] User directory : /home/pi/.node-red
10 Mar 07:00:58 - [warn] Projects disabled : editorTheme.projects.enabled=false
10 Mar 07:00:58 - [info] Flows file     : /home/pi/.node-red/flows.json
10 Mar 07:00:58 - [info] Server now running at http://127.0.0.1:1880/
10 Mar 07:00:58 - [warn] Error loading credentials: SyntaxError: Unexpected token � in JSON at position 0
10 Mar 07:00:58 - [warn] Error loading flows: Error: Failed to decrypt credentials
10 Mar 07:00:58 - [info] Starting flows
10 Mar 07:00:59 - [info] Started flows
10 Mar 07:00:59 - [info] [mqtt-broker:MosquittoLocal] Connected to broker: nodejsdg@tcp://localhost
10 Mar 07:01:06 - [error] [influxdb out:tiqclient v2] HttpError: unauthorized access
    at IncomingMessage.<anonymous> (/home/pi/.node-red/node_modules/@influxdata/influxdb-client/dist/index.js:16:3853)
    at IncomingMessage.emit (events.js:412:35)
    at endReadableNT (internal/streams/readable.js:1334:12)
    at processTicksAndRejections (internal/process/task_queues.js:82:21)

node --version
v14.19.0

settings.js:
    flowFile: 'flows.json',
    credentialSecret: 'my-secret',

flows & credentials

flows.json
flows_cred.json

Hi David, welcome to the forum.

Could you do a test please (need to see if this is repeatable)...

  1. Stop node-red
  2. Rename /home/pi/.node-red/flows_cred.json to /home/pi/.node-red/flows_cred.json.bad
  3. Start node-red
  4. Re-enter credentials
  5. Stop / start / test node-red
1 Like

Thankyou, since you reply I have been testing multiple similar scenarios.
Unfortunately no luck.
I am wondering if the memory based

4. Re-enter credentials
Reentered - no _cred file
Deployed FULL
Hmmm ... no flows_cred.json
I am wondering if the following is an issue
10 Mar 07:00:58 - [info] Context store : 'default' [module=memory]

pi@myhost:~/.node-red $ ls
context  flows_cred.json.bad  flows.json  lib  node_modules  package.json  settings.js

5. Stop / start / test node-red
No success.
Token configuration empty...

at the end I do not have a new flows_cred.json

xxxx:~/.node-red $ ls
context  flows_cred.json.bad  flows.json  lib  node_modules  package.json  settings.js

I suspect this is the problem (despite the fact I had previously see the contents of flows_cred.json change???!!!

Deploy FULL again

xxx:~/.node-red $ ls
context  flows_cred.json  flows_cred.json.bad  flows.json  lib  node_modules  package.json  settings.js

_cred exists

pm2 stop node-red
pm2 start node-red

refresh UI

I am sure if I reenter token all will be OK...
flows_cred.json

FYI
I think the following problem is not from the _cred file but as a result of a failed decription...

10 Mar 07:00:58 - [warn] Error loading credentials: SyntaxError: Unexpected token � in JSON at position 0
1

{"$":"57db50xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxRjYL7hqLV"}

... so now I am totally lost!

No, the Context store has nothing to do with the credentials, that is not related.

Lets test the credentials file outside of node-red

This blog post has a short snippet of code that will show the decrypted content.

Put that code in a file in /home/pi/.node-red and run it with the name of the creds file and the secret on the command line

It should output a JSON object if the secret matches what is being used by Node-RED

1 Like

Which version of node red (see bottom of menu drop down) and nodejs are you using? The command
node -v
Will tell you the nodejs version.

Thankyou @hardillb , apart from run your script I am unaware of any real change I made (probably I did).

It now works!!!

Nice script though. Thanks!