Docker and the _cred file

I've been using this fantastic tutorial and I have been able to use a bindMount to update and persist my flows.json file. It works great - but I cannot get the credentials to stick.

I understand and use the environmental variable FLOWS, ex -e FLOWS=my_flows.json
however I would like to have a CRED equivalent. I have not been able to find the environmental variable to match up my flows.json with my flows_cred.json. I thought that Node-Red would look for flows_cred.json in the same directory as flows.json, but my testing shows that to not be the case. I can have a flows file at /bindMount/flows.json but when I deploy, the flows_cred.json is created in the Node-Red root directory instead.

Perhaps I am missing the boat entirely and I am asking the wrong questions. What is the best way to persist and distribute credentials in Node-Red nodes such as the email node across docker deployments?

To anyone else that comes across this - I ended up just using environmental variables. I've come to the conclusion that using the _cred.json file across multiple docker containers is basically impossible; instead, pass in an environmental variable like so:

sudo docker run -d -p 1890:1880 -e NR_EMAIL_PW='xxxxxxxx' aw-node-red:latest

And then in Node-Red, in the password field of the email node for example, put:


For additional context, see:


Turns out that environmental variables is also not the answer - as entering something like


in the email node password field just encrypts that in to the _cred file, which when you move between dockers doesn't track anyways.

Instead, I think the answer is to use the special configuration options in the settings.js file: Configuration : Node-RED

In my Dockerfile, I utilize the /data directory for storage, and the /bindMount folder to move flows files in and out of the container. So, for example, my Dockerfile is like:

FROM nodered/node-red
WORKDIR /usr/src/node-red
WORKDIR /bindMount
COPY package.json /data/package.json
COPY settings.js /data/settings.js
USER root
RUN chown -R node-red:node-red /data
RUN chown -R node-red:node-red /bindMount
USER node-red
RUN npm install --unsafe-perm --no-update-notifier --no-fund --only=production
WORKDIR /usr/src/node-red

but in my settings.js file I set two special fields:

userDir: '/bindMount/code/',


nodesDir: '/data/',

which allows Node-Red to search for my _cred file in the /bindMount directory.

In summary, this allows me to distribute pairs of Node-Red code files, the flows.json and the flows_cred.json, between different docker files via the /bindMount folder, as long as they are all using the same credential secret in the settings.js file that I've built in to the /data directory.

Yup - turns out that updating the Node-Red settings file alone does not solve this, because the official docker build has this line in the ENTRYPOINT file:

/usr/local/bin/node $NODE_OPTIONS node_modules/node-red/red.js --userDir /data $FLOWS &

Well that special flag, --userDir /data, basically overwrites whatever you put in the settings.js file. So even though you can specify where to keep your flows via the FLOWS environmental variable, the _cred.json file is always placed in to the /data folder inside the docker container.

The solution was to overwrite the with my own, by adding an file to my docker folder and this line to my dockerfile:

COPY /usr/src/node-red/

So this was a bit of a journey but its working now and I learned a lot!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.