For me the credentials node works fine and is an acceptable solution. Of course I have no objections that the core is adapted for it. I am only thinking that it might not be that easy to change the core for this in a proper way while at the same time the credentials node also provides a solution for this problem.
Maybe the only concern is that I have assumed that the code of the credential node is secure. The current installed version is secure but as the code is not managed by the node-red team we can imagine following maybe paranoid scenario:
- github account of the credential node owner got cracked
- credential node code got updated by malicious person so that it will share the credentials, …
- when people update or install latest version of credential their system becomes compromised (credentials become shared by malicious person)
I am more than happy to take this little risk and most likely (knowing this) I will also not blindly upgrade the credentials node.
One solution to this risk is to incorporate the credentials node in the node red core nodes. This way it is managed by the node-red team and the risk that this code becomes hacked is close to zero.