Description
The secret key fields in both the encryption and decryption nodes are currently not stored as credentials. They are visible in the flow code, which can be a security issue. For example:
[{"id":"3382580d.79f2d8","type":"encrypt","z":"543e65ad.2f3a4c","name":"","algorithm":"DES","key":"this is my secret key","x":421,"y":115,"wires":[[]]},{"id":"4690dfe7.7ca6c","type":"decrypt","z":"543e65ad.2f3a4c","name":"","algorithm":"AES","key":"this is my other secret key","x":568,"y":116,"wires":[[]]}]
and you can see my "key" content in the above flow code.
I also posted on the node-red mailing list here, but I guess it's also a good idea to start an issue to track it.
Since the same key could be required for both the encryption and decryption nodes, would it be a good idea to have these two nodes share the same config node, in which the config node will store the secret key as a credential, and both the encryption and decryption nodes will be able to obtain the secret key from the config node?
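The shared config node proposed in this issue, sketched as an added example (not code from this repository or from Node-RED): it takes a flow export like the one quoted above, moves each inline `key` into a config node whose secret lives in a separate credentials map keyed by node id, and lets nodes with the same key share one config node. The `crypto-key` type, the `keyConfig` property and the `cryptokey.N` id format are hypothetical names chosen for illustration.

```javascript
// Constructed sample: the flow export quoted in the issue, trimmed to the relevant fields.
const sampleFlow = [
  { id: "3382580d.79f2d8", type: "encrypt", algorithm: "DES", key: "this is my secret key", wires: [[]] },
  { id: "4690dfe7.7ca6c", type: "decrypt", algorithm: "AES", key: "this is my other secret key", wires: [[]] },
];

const CRYPTO_TYPES = new Set(["encrypt", "decrypt"]);

// True when an encrypt/decrypt node still carries its key in the flow itself.
function hasInlineKey(node) {
  return CRYPTO_TYPES.has(node.type) && typeof node.key === "string" && node.key !== "";
}

// List nodes that expose a plaintext key, without echoing the key itself.
function findInlineKeys(flow) {
  return flow.filter(hasInlineKey).map((n) => ({ id: n.id, type: n.type, keyLength: n.key.length }));
}

// Move inline keys out of encrypt/decrypt nodes into config nodes.
// "crypto-key" and "keyConfig" are hypothetical names, not part of the existing nodes.
function splitFlowSecrets(flow) {
  const credentials = {};          // config node id -> { key }, kept out of the flow export
  const configIdByKey = new Map(); // identical keys share one config node
  const configNodes = [];
  const nodes = flow.map((node) => {
    if (!hasInlineKey(node)) return { ...node };
    let configId = configIdByKey.get(node.key);
    if (!configId) {
      configId = `cryptokey.${configIdByKey.size + 1}`; // constructed id format
      configIdByKey.set(node.key, configId);
      credentials[configId] = { key: node.key };
      configNodes.push({ id: configId, type: "crypto-key", name: "" });
    }
    const { key, ...rest } = node; // drop the plaintext key from the exported node
    return { ...rest, keyConfig: configId };
  });
  return { flow: [...configNodes, ...nodes], credentials };
}

const result = splitFlowSecrets(sampleFlow);
console.log(findInlineKeys(sampleFlow));  // nodes exposing keys before the split
console.log(JSON.stringify(result.flow)); // export no longer contains any key material
```

Running `findInlineKeys` over an exported flow before sharing it is a quick check that no encrypt or decrypt node still embeds its key.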