Not sure if this belongs into the Dashboard or General category, excuse me.
My purposes require me to make a request to /flows (just reloading, so I'm not passing any node information); incidentally I'll need bearer token from /auth/token , which expects my credentials in the request body.
I would pass them as a payload to the http-request node via a function-node, but it seems unwise to write my password into it, as plaintext - saved to the flows.json . I can neither use the hashed password from the settings.js , nor make use of the "Use authentication" option from http-request nodes (because -> expects body).
Only option i can come up with is "throwing one under the boss", having a dummy user with just the flows.write permissions, which can then request the token with the required permissions, but cannot access the Editor.
That dummy account would have a revealed password. And while he cant read the flows, he could still alter the system, if he knows what hes doing. In conclusion, a pretty bad idea imo, but the only option i can see right now.