FR: export / import flows WITH the username and password - when they are ENV VARs

username and password are lost when export / import even though they are ENV VARs

Could this be supported?

@HoussemLajili this is the same for all nodes using credentials (not simply MSSQL). Please update your title and description.

That is, as I understand it, a deliberate design choice. It ensures that you don't accidentally reveal sensitive information when exporting flows. It is a very sensible position.

Julian, the point the OP is trying to make is when they export a flow with credentials set to (for example) ${EMAIL_USERNAME} or ${EMAIL_PASSWORD} they are not exported

Exporting credential fields when they are env vars do not pose (a direct) risk & the OP is asking could this be permitted.

Hmm, good point. Though I'm not entirely sure I would agree. I'd need to give it some more thought. But I would say that, despite the fact that many people use them this way, environment variables are not really secure since they are very easily intercepted in-memory.

Perhaps more importantly, how would Node-RED differentiate and would the differentiation be robust enough?

Yes with passwords often needing to include special characters a password ${mypassword} is indeed a possibility

Please refer to this discussion

I think its precisely your ask as well.

This was in context of MSSQL Node .

The recommendation was to move the cred file along with flows.json.

1 Like