[node-red] Define 'CredentialSecret' at launch

[carpenike]

Exploring the 'how' to do this now. Looks like one of the options in settings.js needs to be updated with a value.

At startup Node-Red sends this warning:

---------------------------------------------------------------------
Your flow credentials file is encrypted using a system-generated key.

If the system-generated key is lost for any reason, your credentials
file will not be recoverable, you will have to delete it and re-enter
your credentials.

You should set your own key using the 'credentialSecret' option in
your settings file. Node-RED will then re-encrypt your credentials
file using your chosen key the next time you deploy a change.
---------------------------------------------------------------------

[carpenike]

Counter point though, is this actually needed or as we backup the entire /config volume do we have the CredentialSecret stored regardless of what its value is?

It appears this is primarily for moving flows to a new system.

Thoughts?

[bjw-s]

https://nodered.org/docs/getting-started/docker#credentials-secrets-and-environment-variables
Based on this, I run my chart with an additional ENV var (filled with a secret) that gets referenced in my settings.js file.

However - as you state - that only has effect when there is alreay a settings.js file to begin with. If it gets generated at the initial start, Node-RED will keep throwing the warning until you manually modify the settings file.

Maybe an initContainer could help here? It would check if the settings file already exists, and if it doesn't, it could place a default file containing the correct reference? Another approach could be to place the settings.js file under a configMap that gets mounted. This would potentially cause any persistent settings file to get overwritten at runtime though.

[stale]

This issue request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.