HomeHome AutomationServing credentials with NodeRED

Serving credentials with NodeRED

Storing security credentials on your own server

This is a follow-up article to the Tasker credentials article. I mentioned, that If you run a NodeRED server, you can pass an authenticated web request to obtain these credentials from your own server, without sharing the file with Google Docs. The Tasker part of the process remains the same, so please check that tutorial out, as here I’m going to cover the NodeRED endpoint.

I have edited the tutorial on 25 Sept 2019 to add encryption, as no one likes the passwords stored in the text files.

NodeRED Credentials

It’s unwise to store any secure credentials as plain text, so I’m going to use encryption to save the credentials in the encrypted form. There is a very simple node to use – search palette manager for node-red-contrib-crypto-js.

I’m going to work again with HTTP requests and JSON files so if you need a bit of background knowledge, I have the JSON basics for you here.

Saving Credentials

First, I have to create the credentials using a template node, keep a copy of this JSON formatted string elsewhere, you will find it useful if you want to add more information.

 {
"NodeRED_IP": "192.168.1.183:1880",
"DNS": "DNS1.ddns.net",
"MQTT_user": "MQTTuser",
"MQTT_pass": "MQTTpass",
"HTTP_user": "HTTPuser",
"HTTP_pass": "HTTPpass"
}

This msg.payload is then encrypted with the encrypt node and saved to file. Select the encryption of your choice and remember the passphrase, you will need it to decrypt the information.

Getting Credentials

To get the desired information, you need to pass an authorised (username, password) HTTP request. Once the authenticated, the file will be read with a node, decrypted (use the same encryption and password) and formatted to a JSON object.

Please note, this is not the best solution if your credentials contain the server’s IP. If your NodeRED DNS or IP changes, you will have to update the script pulling the JSON file manually. You can bypass this by serving the updated JSON file first, then changing the IP of the server.

Lastly, delete the flow used to create the credentials. You don’t want this to be easily accessible in your ./node-red folder.

Conclusion

Storing your credentials this way introduces a new level of safety as only authenticated HTTP requests will get a valid response. If you want to learn more about securing your NodeRED installation – check this article out. If you have any questions or comments feel free to leave it in this Reddit thread.

Project Download

Download project files here. Bear in mind that Patreon supporters have early access to project files and videos.

PayPal

Nothing says "Thank you" better than keeping my coffee jar topped up!

Patreon

Support me on Patreon and get an early access to tutorial files and videos.

image/svg+xml

Bitcoin (BTC)

Use this QR to keep me caffeinated with BTC: 1FwFqqh71mUTENcRe9q4s9AWFgoc8BA9ZU

Smart Ideas with

Automate your space in with these ecosystems and integrate it with other automation services

client-image
client-image
client-image
client-image
client-image
client-image
client-image
client-image
client-image

Learn NodeRED

NodeRED for beginners: 1. Why do you need a NodeRED server?

0
To server or not to server? That's a very silly question!

Best Automation Projects

Tuya SDK for beginners: Intro to Tuya Cloud API

0
Working with Tuya Cloud API. A guide to Cloud automation for beginners, get started with REST!

NEST your old thermostat under $5

0
Nest-ing up your older thermostat under $5

Nora – Google Assistant in NodeRED

0
Integrate Google Assistant with NodeRED thanks to Nora - NodeRED home automation

Sonoff Zigbee Bridge – review

0
Sonoff line up will soon include Sonoff Zigbee Bridge and more Zigbee sensors - here is the first look

DIY Smart Washing Machine – for about 15 bucks!

0
Learn how to add washing machine notifications to your Google Home on the cheap

Smart Home

We’ve seen this before: SwitchBot K10+ PRO

0
This is an odd one. Building on the success of SwitchBot K10+ they released SwitchBot K10+ PRO - but is the experience actually better?

Is this the smart panel we have waited for?

0
ITEAD has released a new smart panel: Sonoff NSPanel Pro 120 - have they learned the lesson from the terrible launch of the original Pro? Let's see what's new.

Aqara FP1E detects motionless humans

0
This isn't exactly a new device, it's an interaction of the original Aqara presence sensor. Aqara FP1E brings Matter, ZigBee and new triggers to your smart home

SwitchBot S10: cleaning re-imagined!

0
SwitchBot S10 promises unattended vacuuming and mopping so you can focus on things you love and care for. Does it deliver?

Sonoff for households and gardens

0
ITEAD released two ZigBee devices to manage water in your household and gardens. Now you can monitor the flow and dispense water with Sonoff SWV and prevent water damage using the Sonoff Water Leak sensor with a twist.