Prevent anonymous editor access on IBM Cloud Code Engine


I have Node-RED running on Code Engine in the IBM Cloud, based on the Node-RED Starter Kit. Even though I configured user user credentials during the setup, anyone can visit the editor and view the logs, which I would like to prevent. There is documentation on the NODE_RED_GUEST_USER environment variable, but I haven't been able to set it effectively to false, to prevent anonymous read access. For example, on the Code Engine Application Environment variables tab I've set NODE_RED_GUEST_USER as literal false, with no effect.

Any idea on what can be done in this hosting environment to prevent anonymous read access to the editor UI?

In my copy of the Node-RED IBM Cloud Starter Application, I modified the startNodeRED function in index.js to never consider config.adminAuth.allowAnonymous or process.env.NODE_RED_GUEST_ACCESS (just by setting if(false) ...) - which does the trick, but is kinda hackish, so I'm still interested in learning how to apply this configuration via the NODE_RED_GUEST_USER environment variable :slight_smile:

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.