Moving cred files from one env to other

Hi Nick,

This is in discussion to the suggestion in the post

We did the changes - and kept the cred file common across envs. Now the slave environments - fail on being able to decrypt the cred file.

Is there some key or something else which should also be kept common across environments? I checked the settings file but was unable to find any such setting. So not sure.

If you had not set credentialSecret in your settings file, then Node-RED will have been displaying this warning every time it started up:


```
---------------------------------------------------------------------
Your flow credentials file is encrypted using a system-generated key.

If the system-generated key is lost for any reason, your credentials
file will not be recoverable, you will have to delete it and re-enter
your credentials.

You should set your own key using the 'credentialSecret' option in
your settings file. Node-RED will then re-encrypt your credentials
file using your chosen key the next time you deploy a change.
---------------------------------------------------------------------
```

If you have not yet set that key, then Node-RED will be using a system generated key. As the warning says, you should provide your own key via credentialSecret in the settings file, restart Node-RED, then deploy a change - that will cause it to reencrypt the credentials file using your key.

You can then copy the files to another device and as long as you have credentialSecret set, it will be able to read the file.

Noted. Will come back. Thanks Nick for the super prompt response.

Net-net, as I understood, credentialSecret across all envs in my case needs to be the same, right?

You need to use the same key on any device you want to decrypt the flows encrypted with that key.

Noted Nick. Once again Thank You.

Hi Nick,

  1. We checked this. One of my colleagues is running his NR using projects with project credentials set up. He is able to export the cred file and flows.json to all other envs (including the ones without projects) ... without any challenges. He doesn't have any credentialSecret. Nor does he get any messages. I specifically checked if his flows run and Yes.

Does this make sense?

  2. Also in our case the NR GUI itself doesn't come up. NR keeps crashing with error messages in #4.

  3. We are running NR via Kubernetes. How can we set the SAFE mode? I checked online. Found this link

https://nodered.org/docs/getting-started/docker

Can I set NODE_RED_ENABLE_SAFE_MODE in the env? Will env read it from there ... against cmd line?

#4) @Steve-Mcl ...

Adding you to this discussion.
Background: Per the discussion for keeping MSSQL credentials - we stored {MY_USER} and {MY_PASS} in the cred file and have moved it to the other env. Problem is NR doesn't even come up.
On startup - we see below MSSQL node errors by the process :-

```
14 Jun 05:44:38 - [info] [MSSQL-CN:APPNAME] Error connecting to server : xxxx-appname-pet-sqlsvr.database.windows.net, database : APPNAME_DB, port : 1433, user :
ConnectionError: Connection is closed.
    at Request._query (/usr/src/node-red/node_modules/mssql/lib/base/request.js:497:37)
    at Request._query (/usr/src/node-red/node_modules/mssql/lib/tedious/request.js:367:11)
    at /usr/src/node-red/node_modules/mssql/lib/base/request.js:461:12
    at new Promise ()
    at Request.query (/usr/src/node-red/node_modules/mssql/lib/base/request.js:460:12)
    at dynatraceRegularInvoke (/opt/dynatrace/oneagent/agent/bin/1.239.226.20220509-150249/any/nodejs/nodejsagent.js:2918:20)
    at Object.b.safeInvoke (/opt/dynatrace/oneagent/agent/bin/1.239.226.20220509-150249/any/nodejs/nodejsagent.js:2990:41)
    at Request.query (/opt/dynatrace/oneagent/agent/bin/1.239.226.20220509-150249/any/nodejs/nodejsagent.js:12178:15)
    at connection.node.execSql (/usr/src/node-red/node_modules/node-red-contrib-mssql-plus/src/mssql.js:423:40)
    at doSQL (/usr/src/node-red/node_modules/node-red-contrib-mssql-plus/src/mssql.js:779:25) {
  code: 'ECONNCLOSED'
```

Will this result in NR crashing?

Any luck on this? Esp #1? So that we can at least bring the system up.

It depends. When you create a project, it asks if you want to encrypt credentials, and if so, what key to use. You don't have to set credentialSecret in your settings for that - it is stored in project settings by the runtime.

Without knowing how they have set things up, it's hard to say what's happening.

It should be ${MY_USER}

Yes, if Node-RED finds the env var NODE_RED_ENABLE_SAFE_MODE set to a value (other than false) it will start in safe mode.

Noted. Thanks. Will continue checking once I get NR up.

I meant user and password are being stored as ${MY_USER} and ${MY_PASSWORD}

Great. Already set it up. That should at least get NR up.

Will update.

We managed to get NR up for a few seconds. Then again the pod went down. We are in a Docker env via Kubernetes.

Below is the message on start up.

```
16 Jun 04:51:44 - [warn]

Your flow credentials file is encrypted using a system-generated key.

If the system-generated key is lost for any reason, your credentials
file will not be recoverable, you will have to delete it and re-enter
your credentials.

You should set your own key using the 'credentialSecret' option in
your settings file. Node-RED will then re-encrypt your credentials
file using your chosen key the next time you deploy a change.

16 Jun 04:51:44 - [warn] Error loading credentials: SyntaxError: Unexpected token W in JSON at position 1
16 Jun 04:51:44 - [warn] Error loading flows: Error: Failed to decrypt credentials
16 Jun 04:51:44 - [info] *****************************************************************
16 Jun 04:51:44 - [info] Flows stopped in safe mode. Deploy to start.
16 Jun 04:51:44 - [info] *****************************************************************
```

The SyntaxError messages towards the end - not clear. I would assume it uses its own key so should be ok. Or should I ignore it?

Mystery solved. My colleague was also distributing a file called .config.runtime.json
Not sure why. But this is what he was doing and as a result NR - his instance - was using this for creds.

Thanks Nick . Your above inputs helped me resolve this.
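The "Failed to decrypt credentials" and JSON `SyntaxError` lines in the startup log above are what a key mismatch looks like, and the check below reproduces that before a credentials file is shipped to another environment. It is an added example, not part of the thread and not Node-RED's own code; the file layout (a `$` property holding a hex IV followed by base64 AES-256-CTR ciphertext, keyed with the SHA-256 of the secret) and the names `checkCredentialSecret`, `encryptCredentials` and the sample secrets are assumptions made for illustration.

```javascript
// Added example, not Node-RED source. Assumed file layout (not from the thread):
// { "$": <32 hex chars of IV><base64 AES-256-CTR ciphertext> }, key = SHA-256(secret).
const crypto = require("crypto");

function deriveKey(secret) {
  return crypto.createHash("sha256").update(secret).digest();
}

// Produce a file in the assumed layout so the check can be exercised offline.
function encryptCredentials(secret, creds) {
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv("aes-256-ctr", deriveKey(secret), iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(creds), "utf8"), cipher.final()]);
  return { $: iv.toString("hex") + body.toString("base64") };
}

// Report whether `secret` opens `file`; returns node ids only, never the secrets.
function checkCredentialSecret(secret, file) {
  const blob = file && file.$;
  if (typeof blob !== "string" || blob.length <= 32) {
    return { ok: false, reason: "no encrypted '$' payload" };
  }
  const iv = Buffer.from(blob.slice(0, 32), "hex");
  if (iv.length !== 16) return { ok: false, reason: "malformed IV" };
  const decipher = crypto.createDecipheriv("aes-256-ctr", deriveKey(secret), iv);
  const plain = Buffer.concat([decipher.update(blob.slice(32), "base64"), decipher.final()]);
  try {
    return { ok: true, nodeIds: Object.keys(JSON.parse(plain.toString("utf8"))) };
  } catch (err) {
    // CTR has no integrity tag: a wrong key yields garbage bytes, and the
    // first visible failure is the JSON parser, as in the log above.
    return { ok: false, reason: "key mismatch (" + err.name + ")" };
  }
}

// Constructed sample data: node id and values are placeholders.
const sampleFile = encryptCredentials("env-a-secret", {
  "a1b2c3d4.e5f6a7": { user: "example-user", password: "example-password" },
});
console.log(checkCredentialSecret("env-a-secret", sampleFile));
console.log(checkCredentialSecret("env-b-secret", sampleFile));
```

Run against the real credentials file and the secret configured in the target environment, an `ok: false` result means that environment will fail at startup the same way.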
