Not sure if this belongs into the Dashboard or General category, excuse me.
My purposes require me to make a request to /flows (just reloading, so I'm not passing any node information); incidentally I'll need bearer token from /auth/token , which expects my credentials in the request body.
I would pass them as a payload to the http-request node via a function-node, but it seems unwise to write my password into it, as plaintext - saved to the flows.json . I can neither use the hashed password from the settings.js , nor make use of the "Use authentication" option from http-request nodes (because -> expects body).
What are my options here?
Using Node-Red v1.0.2 btw
Only option i can come up with is "throwing one under the boss", having a dummy user with just the flows.write permissions, which can then request the token with the required permissions, but cannot access the Editor.
That dummy account would have a revealed password. And while he cant read the flows, he could still alter the system, if he knows what hes doing. In conclusion, a pretty bad idea imo, but the only option i can see right now.
To could use node-red-contrib-credentials (node) - Node-RED to securely store the password for your flow to use without exposing it.
Having a dedicated user is probably a good idea, although with flows.write permission then can change your flows to do anything.
