Subflow to Node Credentials Management

Hi Everyone,

We currently make our own NR nodes by making use of a subflow to node converter. This enables us to use NR subflows as NR nodes in a more scalable way.

We have an issue with moving the credentials over to be available on the node, without needing to external input from the user. Currently, I just tried to pass the credentials file to the js file doing the node conversion. Please see this again.

module.exports = function(RED) {
    const fs = require('fs');
    const path = require("path");
    const crypt = require("crypto-js");

    const file = path.join(__dirname, "subflow.json");
    const text = fs.readFileSync(file);
    const flow = JSON.parse(text);

    // Load credentials from flows_cred.json
    const credentialsFile = path.join(__dirname, "flows_cred.json");
    const credentialsText = fs.readFileSync(credentialsFile);
    const credentials = JSON.parse(credentialsText);

    function getDecoder(encoding) {
        var settings = RED.settings;
        if (settings &&
            settings.encodeSubflow &&
            settings.encodeSubflow.methods) {
            const methods = settings.encodeSubflow.methods;
            const method = methods.find((x) => ( === encoding));
            if (method) {
                return method.decode;
        if (encoding == "AES") {
            return function (enc, key) {
                var enc = crypt.AES.decrypt(enc, key)
                var data = enc.toString(crypt.enc.Utf8);
                return JSON.parse(data);
        // no decoding
        return null;

    function convFlow(sf) {
        const flow = sf.flow;
        if (((typeof flow) === "object") &&
            !Array.isArray(flow)) {
            if (flow.hasOwnProperty("encoding") &&
                flow.hasOwnProperty("flow")) {
                const encoding = flow.encoding;
                const body = flow.flow;
                const decoder = getDecoder(encoding);
                if (decoder) {
                    const key = process.env["NR_FLOW_DECODE_KEY"];
                    if (key && (key !== "")) {
                        try {
                  "deocde "+encoding+ " encoded flow");
                            const flowData = decoder(body, key);
                            sf.flow = flowData;
                        catch (e) {
                            throw new Error("flow decode error:"+e.toString());
                    else {
                        throw new Error("no flow decode key specified");
                else {
                    throw new Error("no decoder found:" +encoding);
        return sf;

    RED.nodes.registerSubflow(convFlow(flow), credentials);

Credentials file:

    "ecf3c5ed05011987": {},
    "1777c59870e2d315": {
        "user": "test",
        "password": "test#5h7"

Unfortunately this is not doing the trick. Does anyone have an idea of how to best insert the credentials into the node automatically?

Kind regards,


Surely this is what ENV VARS are for?

Your server could define ENV VARs like NR_USER and NR_PASS that the flow designer can use. you can even set the ENV VAR value in the subflow to this so it is preset.