A strange idea came to mind today. I am heavily using bitwarden for my personal info, and i am running several node-red instances where they share same username and password combination for accessing the editor.
Could i define
adminAuth property as a async function to utilize the Bitwarden api (which would store username and password ) to be able to have easier access and more security?
I will also utilize the Bw API to store 3rd party credentials for my integrations, because why keep them encrypted in github repository.
Maybe you could - I think you might be able to but I've not really looked into that api.
However, I'm not entirely convinced it would be more secure. I suspect it would be less secure but would need to give it more thought than a Sat. evening warrants I'm afraid. My reasoning being that you have collapsed the security decision making and action into your application. Ideally, the two should generally be separate, especially for administrative actions.
Where it might make more sense is your other use-case which would effectively use Bitwarden as a keystore for your application. Now that would be an interesting flow to see and I hope that you will be able to share something.
adminAuth may return a Promise.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.