How to push Node-Red to GitHub without revealing sensitive information?

I would like to share my NodeRed Code in Github as part of an IOT project, however I would like to keep some of my data private (MQTT password, InfluxDB password, etc).

I could manually erase this information, but this would not be very practical, since I would have to do it every time I update the file.

In my python scripts I use os.environ.get to save my passwords and upload to GitHub securely.

¿Is there some way to set up Node-Red to easily push to GitHub without revealing sensitive information?

You can configure them using environment variables in the node configuration. Then they do not exist in the flow. Using environment variables : Node-RED

1 Like

In case you weren't aware, all node credentials are kept in a separate file alongside your flow file. The credentials file is, by default, encrypted using the credentialSecret key in your settings file. As long as you keep that secret out of git, then your credentials will be protected.


The credential secret can be picked up from an environment variable, so then you only need to set that up in the environment.


Also cross posted and answered on Stack Overflow

1 Like

But do check that any 3rd party contrib nodes also store credentials correctly


Thank you, this was very helpfull!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.