mirror of https://github.com/node-red/node-red.git
Updated Design: Encryption of credentials (markdown)
parent
d9ec69bece
commit
56d948a792
|
@ -56,3 +56,22 @@ By keeping it a valid JSON object underlying storage implementations should not
|
|||
var decipher = crypto.createDecipheriv(encryptionAlgorithm, encryptionKey, initVector);
|
||||
var decrypted = decipher.update(encryptedCredentials, 'base64', 'utf8') + decipher.final('utf8');
|
||||
var result = JSON.parse(decrypted);
|
||||
|
||||
## FAQ
|
||||
|
||||
The credentials file (`flows_cred.json`) is encrypted by default to ensure its contents cannot be easily read.
|
||||
|
||||
Node-RED generates a random key for the encryption if you do not provide one in your settings file. If the second instance of Node-RED doesn't have the same encryption key, it won't be able to decrypt the file.
|
||||
|
||||
Here are the steps you need to resolve this.
|
||||
|
||||
1. edit your `settings.js` file and add a `credentialSecret` property with a whatever string value you want. If you want to disable encryption, set its value to `false`.
|
||||
|
||||
credentialSecret: "my-random-string"
|
||||
|
||||
2. Restart Node-RED and deploy a change - this will trigger Node-RED to re-encrypt your credentials with your chosen key (or disabling encryption if set to false).
|
||||
|
||||
3. You can then copy your flow/credential file to a second instance, just make sure you give it the same `credentialSecret` value in its settings file.
|
||||
|
||||
Note that once you set `credentialSecret` you cannot change its value.
|
||||
|
||||
|
|
Loading…
Reference in New Issue