Reputation: 532
How can data be stored securely from backend code in node-red?
My use case is that I retrieve a OAuth refresh token from an OAuth server. I want to store this in the credentials of a config node in node-red. However I can't find how to do that.
On the Node-RED credentials documentation page I've found something that exactly describes my use case:
Whilst the credential system outlined above is sufficient for most cases, in some circumstances it is necessary to store more values in credentials than just those that get provided by the user. For example, for a node to support an OAuth workflow, it must retain server-assigned tokens that the user never sees. The Twitter node provides a good example of how this can be achieved.
However, I have analyzed the source code of the Twitter node, but I couldn't find anything that updates the tokens from the backend code.
How can I store the token from the backend code (node.js parts of the Node-RED node) into the credentials field of the configuration node?
Upvotes: 1
Views: 82
Answers (1)
Reputation: 59608
There isn't currently a way to update stored credentials directly from the backend.
The only option would be to update the flow with the new credentials by POSTing to the Admin API but at best this would cause any nodes using those credentials to be restarted so any inflight messages may be lost.
It is a known edge case, but I'm not aware of any planned solution at this time.
Upvotes: 2
Related Questions
- How to secure nodered with username and password
- How to secure the access to my Node-RED UI with httpNodeAuth
- Which is the best way to store sensitive credentials in Node.js?
- Store JWT/authorization on the Client/Server side of application [JavaScript]
- credentialSecret option and _cred.json file
- Best practice for storing sensitive connection data when connecting to a DB
- Securely store data in a Node CLI app
- How to secure Node-RED http in nodes
- adding security to node-red dashboard
- How to save the confidential data at server side