How to create a config node that contains credentials

I am creating a config node to be used in some of my other nodes. The information includes a url and an auth token which is not something I want exposed, so I designed the config node to store this information as credentials rather than properties.

For the most part, everything works fine -- I can create a new config node and I see the label I am generating from within the editor for the node I am using it in.

Here is what it looks like in the node editor when I initially create the "Server" config node, with the label I am generating:

But, after I hit Deploy for the flow, if I reopen it now I only see the id of the config node, and not the label that I assigned. More problematically, I cannot access the credentials within the config node from the editor at that point (which I need to dynamically populate a dropdown). The editor now looks like this:

Am I doing something wrong? How can I access the credentials within the config node after a deply?

I should have included a snippet of my code. In my oneditprepare of the node that is using the config, I have this, to retrieve the config info:

  var serverId = $('#node-input-server option:selected').val();
  var conn = RED.nodes.node(serverId);
  if (conn && conn.credentials) {
      // if I get here I can access the credentials stored in the node, which is what I want...

So the issue is that after hitting Deploy, when I open the node in the editor and retrieve the conn object above, it no longer has the credentials property. Only if I then go an open the config node itself, press Update there and return, will I have access to those credentials.

Hope that makes sense, as far as stating my problem...

Hi Dave,

based on 3 lines of code, it is very hard to guess what is going wrong.
I sometimes use credentials in a config node (like e.g. here), which I then use in my other nodes (e.g. here). You might have a look at that code, and hopefully it might give you an idea of what is going wrong in your case.

Bart

Thanks Bert!

At first glance, I seem to be doing the same as you. I wonder about this line, where after retrieving the config node you have to check if it has credentials. I am doing the same, and after I have Deployed changes and then re-opened the using node, that is when the config object does not have a credentials property. Since you have the check, I am wondering in what cases you would expect not to get a 'credentials' property?

As far as my code, [here] is my config node definition, and [here] is where I use it in another node, and attempt to retrieve the credentials during oneditprepare. Again, this is what fails if I deploy changes and then reopen the node

Sorry, links were missing:

here

and

here

is what I meant to include

Morning,
I'm not 100% sure anymore, but I think my node works like this:

  1. If a user creates a new config node, then that config node will be on the client side (i.e. in the flow editor) containing the credentials as plain text. At this point you can read the credentials in the client side code, which means you will arrive inside the IF statement.

  2. But the config node (and its credentials) is not on the server available yet, since he hasn't deployed yet. When the user would trigger a server side action at this moment in my media node, that wouldn't work because the server doesn't know the config node (i.e. the credentials) yet. Therefore I pass the (undeployed) credentials to the server:

    image

    Otherwise it would be confusing: you create a config node, add your credentials but nothing works (until you deploy)...

  3. However as soon as you deploy, Node-RED will store the credentials in a secure storage and remove them as plain text properties of your config node! From now on your credentials will only be available inside the config node on the server side, to assure that other (malicious) nodes cannot read it anymore. Which is a good thing! On the client side, from now on you only know whether there are credentials but you don't have the credentials values themselves anymore. I don't remember it 100% anymore, but you can read about it in one of my older discussions.

  4. So after a deploy you won't arrive anymore inside the IF statement. But when you have a look at the server side - where the config node handles the ajax call - you will see that I pass the request to the config node, and inside the config node I check whether the credentials are being passed from the client or not:

You will see there is a TODO in the code, because these Onvif nodes have not been published on NPM yet. So keep in mind that this might not be 100% production proof code!!!! But hopefully you will get an understanding of how it works...

If you find any bugs in my code, don't hesitate to share it so I can fix it!!!

Hopefully my explanation isn't too much mind-blowing ...

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.