Set a Node-Red password

Hello,

I’m trying to set a password for Node-Red only but I can’t do it and I don’t want it to be the same as the remote console. I already know that if you set a password for the remote console it will set the same password to Node-Red.

I tried to add a password via SSH in the /usr/lib/node_modules/node-red/venus-setting.js, it works until you do a software change/upgrade. It’s normal because every files not contained in the /data is being erased. So I tried to do a script that place the adminAuth in the right place in the venus-setting.js and try to do it on the reboot in a crontab, but even this crontab is being erased on a software change/upgrade. On a post from @mvader (Victron Energy) https://community.victronenergy.com/questions/155949/node-red-config-files.html it’s been said that a file named /data/home/nodered/.node-red/settings-user.js exists to do some code but I can’t find it.

If there is a way to password protect Node-Red and not the remote console can you tell me ?

Otherwise if there’s currently no way, a quick fix by Victron is just to add a node-red_password.txt in the /data/conf and using this file in /usr/lib/node_modules/node-red/user-authentication.js L6 const passwordFileName = ‘/data/conf/node-red_password.txt’. And than add the feature to the remote console, asking the old password if you want to change it.

Best Regards

settings-user.js is working for me, see here, not sure if it can be used for password options.

Setting a password for admin console works in file “/data/home/nodered/.node-red/settings-user.js” like that:

module.exports = {
    credentialSecret: "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz",
    adminAuth: {"type":"credentials",
                "users":[
                     {"username":"user1","password":"$2axxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx2","permissions":"*"},
					 {"username":"user2","password":"$2byyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyya","permissions":"*"},
                ]
     },
}

password is generated via

node-red admin hash-pw

“credentialsSecret” is typcially stored in “/data/home/nodered/.node-red/ .config.runtime.json”, but should be defined in “/data/home/nodered/.node-red/settings-user.js” (before defining any password). Otherwise it could happen that passwords are not accepted after firmware upgrade.
The “credentialsSecret” can be also generated by yourself (e.g. passphrase generator) defining a 64 byte alphanumeric expression.
In case you change that expression, please consider to regenerate your password-phrases afterwards again!

1 Like

Thank you for that it’s working perfectly !