Credentials in API flows

Hello,

I'm trying to use the flows api (GET) to retrieve all configurations.
In the API result there aren't the nodes credentials
For example in mqtt-broker config there are all configurations but there aren't Security configuration.
It it possible to retrieve it?

thank you very much,
D

no - that would be awful for security.

Hi @donalddck

we do not currently return any password credentials via the API - this is to ensure they cannot be accidentally accessed if the admin api were to be left unsecured.

It is something I've been thinking about a bit - there are plenty of cases where, if done properly, it would be useful to be able to access the credentials. We just need to make sure it is done securely and that users don't accidentally expose their credentials.

Your question has prompted me to write up my thoughts on this and to start a discussion on the design here: Provide Admin API access to flow credentials · Discussion #44 · node-red/designs · GitHub

If you, or anyone reading this, has comments on the design, please do chip in - either here, or preferably over on the GitHub discussion linked above.

1 Like