This is a follow-up article to the Tasker credentials article. I mentioned, that If you run a NodeRED server, you can pass an authenticated web request to obtain these credentials from your own server, without sharing the file with Google Docs. The Tasker part of the process remains the same, so please check that tutorial out, as here I’m going to cover the NodeRED endpoint.

I have edited the tutorial on 25 Sept 2019 to add encryption, as no one likes the passwords stored in the text files.

NodeRED Credentials

All you need to do!

It’s unwise to store any secure credentials as plain text, so I’m going to use encryption to save the credentials in the encrypted form. There is a very simple node to use – search palette manager for node-red-contrib-crypto-js.

I’m going to work again with HTTP requests and JSON files so if you need a bit of background knowledge, I have the JSON basics for you here.

Saving Credentials

Create|Encrypt|Save

First, I have to create the credentials using a template node, keep a copy of this JSON formatted string elsewhere, you will find it useful if you want to add more information.

 {
"NodeRED_IP": "192.168.1.183:1880",
"DNS": "DNS1.ddns.net",
"MQTT_user": "MQTTuser",
"MQTT_pass": "MQTTpass",
"HTTP_user": "HTTPuser",
"HTTP_pass": "HTTPpass"
}

This msg.payload is then encrypted with the encrypt node and saved to file. Select the encryption of your choice and remember the passphrase, you will need it to decrypt the information.

Getting Credentials

Read|Decrypt|Serve

To get the desired information, you need to pass an authorised (username, password) HTTP request. Once the authenticated, the file will be read with a node, decrypted (use the same encryption and password) and formatted to a JSON object.

Please note, this is not the best solution if your credentials contain the server’s IP. If your NodeRED DNS or IP changes, you will have to update the script pulling the JSON file manually. You can bypass this by serving the updated JSON file first, then changing the IP of the server.

Lastly, delete the flow used to create the credentials. You don’t want this to be easily accessible in your ./node-red folder.

Conclusion

Storing your credentials this way introduces a new level of safety as only authenticated HTTP requests will get a valid response. If you want to learn more about securing your NodeRED installation – check this article out. If you have any questions or comments feel free to leave it in this Reddit thread.

Support NotEnoughTech
A lot of time and effort goes into keeping NotEnoughTech alive! If my work helped you out, consider buying me a coffee or check out exclusive rewards available to Patreon supporters.
SHARE