Hi everyone,
I'm a bit new to Node Red and unfortunately I used a password in a config node which can't be reset and so I thought maybe I can decrypt the flows_cred.json, for that I would need the credentialSecret. I have never set a user or password when starting Node Red. In settings.js it only says “admin” and in .config.runtime.json I couldn't find it either.
I hope you can help me with this.
Thanks in advance, best regards
It seems this suggestion doesn't apply on Windows - deleted.
Unless you set it implicitly in settings.js, you should be able to find an auto-generated credentialSecret in .config.runtime.json in your node-red user (home) directory
@omrid
Thanks for your quick reply, unfortunately I only have the following in .config.runtime.json
{
"instanceId": "aecf556ec9c47e38"
}
Nevermind i midd read the question.
I would think if you never set a secret, then may be setting one and restarting node-red may encrypt to the new secret.
This could should decrypt the credential file and show all item in the console, creat a file called show_creds.js with below code in your .node-red directory. Then run the command comment in first line in that directory.
// run "node show_creds flows_cred.json <secret>" in node-red directoy
const crypto = require('crypto');
let encryptionAlgorithm = "aes-256-ctr";
function decryptCreds(key, cipher) {
let flows = cipher["$"];
lry initVector = Buffer.from(flows.substring(0, 32),'hex');
flows = flows.substring(32);
let decipher = crypto.createDecipheriv(encryptionAlgorithm, key, initVector);
let decrypted = decipher.update(flows, 'base64', 'utf8') + decipher.final('utf8');
return JSON.parse(decrypted);
}
let creds = require("./" + process.argv[2]);
let secret = process.argv[3];
let key = crypto.createHash('sha256').update(secret).digest();
console.log(decryptCreds(key, creds));
The problem I seem to have is that I have not set a credentialSecret and cannot find one in .config.runtime.json. If I now set one manually and restart Node Red I only get the message that all passwords are gone when I deploy something. That's not the way, is it?
A credentialSecret must be stored somewhere, otherwise Node Red itself would not be able to decrypt the flows_cred.json, but where?
Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
The OpenJS Foundation | Terms of Use | Privacy Policy | OpenJS Foundation Bylaws | Trademark Policy | Trademark List | Cookie Policy