Node-RED Projects and Credentials Encryption in DevOps Pipeline

Hi,

I'm having trouble with Node-RED projects and credential encryption.

Context of my setup:

• Development is done in a Dockerized Node-RED instance with Projects (git) enabled.
• When I commit code, it is pushed to a GitHub repository.
• A GitHub Action builds a new container using a Dockerfile plus the flows and project files.
• The image is pushed to Docker Hub.
• The OPS server then pulls this image and redeploys the containers.

image2244×1684 157 KB

The problem is with flows_cred.json. When encryption is enabled, the container generated in the pipeline cannot decrypt the credentials.

I tried setting the credentialSecret in settings.js, but it did not work.

If I disable encryption, everything works fine, but that is not the desired setup.

How should this be configured correctly so encrypted credentials can be used across environments?

Thanks!

(Node-RED 4.0.2)

I have a similar use case. However, as the container I am getting from the repo can be used the fetch information from many different MQTT brokers, I am using env variables, initiated as the start of the container to configure all brokers (url, user, passed, topic, qos…).
So flows_cred is empty… maybe not applicable to your situation, though.

I'm surprised when you say setting the credential Secret in settings.js doesn't work as we have a very similar setup and it works on our side. When you first setup the Node-RED project, are you using the same credential secret as in your settings.js file ? When using projects the credentialSecret is stored in the .config.projects.json file and should be the same as the one defined in your settings file.

Thanks @greengolfer and @nlecaude.

It’s now fixed. The key point is that the order of the steps matters:

1. Configure credentialSecret in settings.js.
2. Create the project using that existing credentialSecret for encryption.

When done strictly in this sequence, everything works correctly.