Node Red projects
202 views
Skip to first unread message
Peter Scargill
Apr 14, 2018, 9:51:36 AM4/14/18
to Node-RED
I have a PI2 running Node Red and today I reset the Pi. When I checked a browser on my PC, I was shown a message to say that flows stopped as the credentials could not be encrypted.The flow credential file is encrypted but the projects encryption key is invalid or missing.
I'm not using projects, have no interest in that feature and have not made any changes to enable such a feature. I cannot figure out why my flows which were working only an hour ago bwfore the reset will no longer start up.
Nick O'Leary
Apr 14, 2018, 10:35:18 AM4/14/18
to node...@googlegroups.com
Hi Peter,
If you don't provide an encryption key in your settings file, then NR generates one and stores it in .config.json.
If .config.json gets corrupted somehow then NR won't have the key it needs to decrypt the credentials.
This is an open issue for us to fix because in this scenario, the prompt you get in the editor incorrectly references projects, even though they aren't enabled.
Without the encryption key, you'll need to delete your credentials file and then re-enter any credentials you had stored via the editor. I strongly recommend, before doing this, that you provide your own credentialSecret in your settings file. That will avoid this happening again should .config.json get lost.
Nick
On Sat, 14 Apr 2018, 14:51 'Peter Scargill' via Node-RED, <node...@googlegroups.com> wrote:
I have a PI2 running Node Red and today I reset the Pi. When I checked a browser on my PC, I was shown a message to say that flows stopped as the credentials could not be encrypted.The flow credential file is encrypted but the projects encryption key is invalid or missing.I'm not using projects, have no interest in that feature and have not made any changes to enable such a feature. I cannot figure out why my flows which were working only an hour ago bwfore the reset will no longer start up.
--
http://nodered.org
Join us on Slack to continue the conversation: http://nodered.org/slack
---
You received this message because you are subscribed to the Google Groups "Node-RED" group.
To unsubscribe from this group and stop receiving emails from it, send an email to node-red+u...@googlegroups.com.
To post to this group, send email to node...@googlegroups.com.
Visit this group at https://groups.google.com/group/node-red.
To view this discussion on the web, visit https://groups.google.com/d/msgid/node-red/5aa92d9e-f3bb-469b-acdd-0f7b39aff365%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Peter Scargill
Apr 14, 2018, 11:59:01 AM4/14/18
to Node-RED
Hi Nick,,
I managed to revert to the settings.js before the update. Took me a while to figure out what to do but I have my flows back. I know very little about encryption keys and as I don’t work in teams have little need to investigate.
I had a stroke in December and I’m still struggling with more complex stuff, could do without the hassle.When you say provide my own credentialSecret, in one doc it looks like you can just put this (whatever the key would be) in settings.js under module.exports, in another it suggests it should be inside there and also inside a subheading to do with themes. It is commented out here and in this case all I had to do was change mqtt to another instance with new user+pass info. In the Spanish installation it would be far more complex.
Regards
Pete
Nick O'Leary
Apr 14, 2018, 12:03:59 PM4/14/18
to node...@googlegroups.com
Hi Pete,
Sorry to hear you've been unwell. Glad to see your back on the mailing list.
In the default settings file you should find a commented out credentialSecret setting. Uncomment that and give it a value. It will be within the module.exports block as are all the other settings.
Nick
To view this discussion on the web, visit https://groups.google.com/d/msgid/node-red/8f6140fb-8cbd-4f57-881c-b83ad7976f0b%40googlegroups.com.
Stephen Mann
Apr 15, 2018, 4:34:00 PM4/15/18
to Node-RED
Nick- I read your article in the Git (Design: Encryption of credentials), but like Pete, my Node-Red is on my home LAN and I am the only user, so credentials and passwords have never been a concern here. Are you saying here that I would benefit from adding credentialSecret: "MyDogSpot" to my settings.js file?
I don't have the same issue that Pete presented, but is this a prophylactic prevention?
What, if any, is the downside to adding credentialSecret to the settings.js file?
Thanks,
Steve Mann
Dave C-J
Apr 15, 2018, 5:15:34 PM4/15/18
to node...@googlegroups.com
Well,
If you set it in settings.js you can set it to anything you like... if you don't set it, then Node-RED makes one up for you and hides it in .config.json - so then the credential passwords are at least not stored in the clear. It's not a problem as long as you never lose your .config.json file, or don't mind re-entering any credentials for nodes that need them if you do. If you do set it - then the first time we see that then we re-encrypt them with your key instead.
Stephen Mann
Apr 15, 2018, 6:21:08 PM4/15/18
to Node-RED
So, it's a good thing to do even on a functioning node-red with loads of working flows?
Reply all
Reply to author
Forward
0 new messages