username and password are lost when export / import even though they are ENV VARs
Could this be supported?
@HoussemLajili this is the same for all nodes using credentials (not simply MSSQL). Please update your title and description.
That is, as I understand it, a deliberate design choice. It ensures that you don't accidentally reveal sensitive information when exporting flows. It is a very sensible position.
Julian, the point the OP is trying to make is when they export a flow with credentials set to (for example) ${EMAIL_USERNAME} or ${EMAIL_PASSWORD} they are not exported
Exporting credential fields when they are env vars do not pose (a direct) risk & the OP is asking could this be permitted.
Hmm, good point. Though I'm not entirely sure I would agree. I'd need to give it some more thought. But I would say that, despite the fact that many people use them this way, environment variables are not really secure since they are very easily intercepted in-memory.
Perhaps more importantly, how would Node-RED differentiate and would the differentiation be robust enough?
Yes with passwords often needing to include special characters a password ${mypassword} is indeed a possibility
@HoussemLajili
Please refer to this discussion
I think its precisely your ask as well.
This was in context of MSSQL Node .
The recommendation was to move the cred file along with flows.json.
1 Like
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.
