flowfuse icon indicating copy to clipboard operation
flowfuse copied to clipboard
verified publisher icon FlowFuse

FR: a way to have variables available to flows\nodes without the value being visible as text

Open SynoUser-NL opened this issue 11 months ago • 2 comments

Description

Use case: we have different people working on flows, for some of which they need access to resource credentials. For some credentials it is not desirable to have these generally available. For this, a system like in Powershell where you can store credentials in an object and save and recall that object for later or other use and the password is protected, would be helpful.

Difficulty here is that the people working on flows are (and need to be) FF Admins as well. So there would need to be a kind of system where an admin could define credentials or a string, (for API keys or bearer tokens, or just a password) which can then be used by all admins in a team in flows. This "protected" string would then not ever reveal its content in a user interface (debug messages, on screen dashboards, etc,).

Also see: https://discourse.nodered.org/t/managing-secrets-in-flowfuse/87786/10

Which customers would this be available to

Enterprise Tier Only (EE)

Have you provided an initial effort estimate for this issue?

I am not a FlowFuse team member

SynoUser-NL avatar Jan 30 '25 10:01 SynoUser-NL

This is quite a hard problem to solve; it would require a whole new mechanism inside Node-RED itself and I'm not sure what that would look like.

The problem comes down to how these values would get used inside Node-RED.

Ultimately, these values need to be accessed by the Nodes so they can be used. So there will need to be an API available for Nodes to retrieve the values. With that API, anyone could write a node that grabs the value and attaches it to a msg - at which point we no longer have any control over what happens with that value.

Whilst this issue is pitched as a possible solution to a problem, I think we may want to think about the problem some more to see if there are alternative approaches to address it.

knolleary avatar Jan 30 '25 11:01 knolleary

I do have a suggestion if I may offer it. I've been playing around with (a self-hosted) N8N privately, mainly for AI stuff. While it is easier in some ways, it is nowhere near as flexible as NodeRED (imho). However, they do have a great solution for maintaining credentials.

Basically, they have a central credentials repository nodes can make use of. This allows for central management of credentials and means you do not have to fiddle with credentials within a node: you just select the (named) credentials item you want to use (which has already been validated when creating the credential item).

Not sure if this would be the way to go for stand-alone NR installations, but certainly for people running NR managed by Flowfuse (with the credentials store being maintained in Flowfuse) it would be nice if nodes using credentials could just select a credentials item from a dropdown that is maintained centrally (and by other people).

That being said, I'm not a developer and have no idea how hard this would be to actually do within the FF\NR environment. Other solutions may be better.

SynoUser-NL avatar Nov 04 '25 08:11 SynoUser-NL