Credentials Encryption comments and questions


Mike Blackstock

Jul 28, 2016, 1:16:06 PM
to Node-RED
I had a look at the design doc on the wiki https://github.com/node-red/node-red/wiki/Design%3A-Encryption-of-credentials

We have the need to provide the credentialsSecret on startup or run time.  Nick let me know that can easily be done by setting the credentialsSecret in settings to something like:  process.env.MY_CREDENTIAL_SECRET which is great.

Is this a common enough use case to be mentioned in the design document specifically?  The doc seems to imply that the secret will be typically near the encrypted credentials.

Also, if passing in the secret at startup or run time will be a common use case to avoid keeping it near the credentials file, perhaps the key can be provided using an API call to the run time?  Perhaps we can settle on an environment variable that is used (if it's set) (e.g. NODE_RED_SECRET).  This could be used by the docker image perhaps.

Also, just wondering if anyone has started on the storage plug-in that will implement this?  I made some changes to the existing module in this area on a fork and would like to see how far off we are.  I'm hoping to leverage your work of course, and contribute if I can.

Thanks!
Mike

Nicholas O'Leary

Jul 29, 2016, 10:59:18 AM
to Node-RED Mailing List
Hi Mike,

good suggestions - will update the design doc.

From an implementation point of view, this all needs to exist above the storage layer - the credentials will be encrypted when passed over the storage api. That way all storage plugins get it for 'free'.

Nick


Mike Blackstock

Jul 29, 2016, 2:32:51 PM
to node...@googlegroups.com
thanks - above storage makes sense.  I'll look for changes in the source in this area. - Mike
--
Mike Blackstock
Chief Technical Officer
Sense Tecnic Systems, Inc.
308 East 5th Avenue, Vancouver, BC, V5T1H4
www.sensetecnic.com
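
The two ideas discussed in this thread (a secret supplied through the environment, and encryption applied above the storage layer so every plugin receives only ciphertext), as an added example that is not part of any message above and is not Node-RED's own code. It assumes a storage plugin exposing `getCredentials`/`saveCredentials`; the `NODE_RED_SECRET` name is the one proposed in the thread, and the function names, the `enc` field and the choice of scrypt with AES-256-GCM are assumptions made for illustration.

```javascript
// Added illustration; not Node-RED source. Function names are hypothetical.
const crypto = require('crypto');

// Read the secret from the environment so it never sits beside the credentials file.
// NODE_RED_SECRET is the variable name proposed in the thread, not a confirmed setting.
function secretFromEnv(env = process.env) {
  const secret = env.NODE_RED_SECRET;
  if (!secret) throw new Error('NODE_RED_SECRET is not set');
  return secret;
}

// AES-256-GCM with a per-save salt and IV; the key is derived from the secret with scrypt.
function encryptCredentials(creds, secret) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', crypto.scryptSync(secret, salt, 32), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(creds), 'utf8'), cipher.final()]);
  return { enc: [salt, iv, cipher.getAuthTag(), ct].map((b) => b.toString('base64')).join('.') };
}

// Throws if the secret is wrong or the stored blob was modified (GCM tag check).
function decryptCredentials(blob, secret) {
  const [salt, iv, tag, ct] = blob.enc.split('.').map((s) => Buffer.from(s, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', crypto.scryptSync(secret, salt, 32), iv);
  decipher.setAuthTag(tag);
  return JSON.parse(Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8'));
}

// Sits above the storage layer: the plugin only ever receives the encrypted blob.
function withEncryptedCredentials(storage, secret) {
  return {
    ...storage,
    saveCredentials: (creds) => storage.saveCredentials(encryptCredentials(creds, secret)),
    getCredentials: () =>
      Promise.resolve(storage.getCredentials()).then((b) => decryptCredentials(b, secret)),
  };
}

// Constructed stand-in for a storage plugin; peek() exposes what it was given.
function memoryStorage() {
  let saved = null;
  return {
    saveCredentials: (c) => { saved = c; return Promise.resolve(); },
    getCredentials: () => Promise.resolve(saved),
    peek: () => saved,
  };
}
```

Failing closed when the variable is unset keeps the runtime from silently writing credentials under an empty or default key.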