Hi Everyone,
I'm looking for some advice on securely deploying node-red to production.
I have a device running a Debian system with node-red running.
My concern is that the flows file can be accessed by anyone who would pull the ssd card out of the device and attach it to any other system - he can open the flows file and simply get all my source code.
If within node-red there is no way to secure it so it cannot be read by a casual power-user (let's call it that) - did anyone have any luck doing something similar but using some Linux-based tools to encrypt and decrypt the flows file or the entire home directory?
I'm also looking to move from SD to a compute module with eMMC storage so it would be harder for someone to actually get to the device storage.
Thanks so much for the replies so far!
The issue is that I plan to put it on running appliances that will sit in client locations, so I cannot really close them down.
I'm looking into eMMC storage solutions to move away from SD and make it harder to get to the files as well, but due to some production issues the Compute 4 from Raspberry is a couple of weeks or months of wait.
Docker isn't a security fix. It can help stop people from changing things accidentally for sure but I don't think it can completely hide things - though I'm not a Docker expert so I could be wrong.
Another thing you could do would be to compile your code - but then you are moving away from purely using Node-RED. However, node.js does have good support for integration of modules that are partially or fully compiled. So if you could encapsulate some of the logic in a custom node, you could further move the code to a compiled library.
You are going to want to be certain that the effort is worth it though because that is a fairly costly option from a commercial viewpoint.
I would certainly question whether you really do need to hide the code. You could, instead, make a big selling point of using open source code and then focus on service rather than selling logic.