node-red-contrib-secret 0.1.0

Node-RED node for injecting secrets into flows while preventing export of those secrets

npm install node-red-contrib-secret


A simple node for injecting secrets into your flows, whether they're API keys needed for an HTTP request, encryption keys, passwords, or whatever else.

This node is useful because it stores the configured secret in the credential file, which is not included in an export; if you've simply hardcoded the credential on an HTTP node's URL, in a template, or in a function, you can no longer safely export that flow, as that credential will be included. A secret node holding that key means that you can export your flow without compromising your key.


Here's an example of how to use the secret node. This particular example is hiding my IFTTT API key:


And in importable format:

[{"id":"92c88bb7.aa8f98","type":"secret","z":"81d5bf3e.6ee35","name":"IFTTT API Key","x":560,"y":1600,"wires":[["b8bd3eb2.8ebc2"]]},{"id":"b8bd3eb2.8ebc2","type":"template","z":"81d5bf3e.6ee35","name":"Set msg.url","field":"url","fieldType":"msg","format":"handlebars","syntax":"mustache","template":"{{secret}}","x":670,"y":1660,"wires":[["974aeaa.8864318","5bfa7c4f.3f1074"]]},{"id":"5bfa7c4f.3f1074","type":"http request","z":"81d5bf3e.6ee35","name":"IFTTT","method":"GET","ret":"txt","url":"","x":830,"y":1680,"wires":[[]]},{"id":"974aeaa.8864318","type":"debug","z":"81d5bf3e.6ee35","name":"","active":true,"console":"false","complete":"true","x":830,"y":1640,"wires":[]},{"id":"87c666a4.8f1968","type":"inject","z":"81d5bf3e.6ee35","name":"","topic":"","payload":"","payloadType":"date","repeat":"","crontab":"","once":false,"x":440,"y":1540,"wires":[["92c88bb7.aa8f98"]]}]
  1. Inject node - it's simply there to trigger the flow, we're not using anything from it. (in reality, this is initiated by an MQTT input message)
  2. Secret node - it takes the existing msg object, adds a new msg.secret as configured, then sends the msg on. In this case, the msg.secret will be set to "your_maker_channel_key_here" Config
  3. Template node - the HTTP node expects the URL in msg.url. In this case, the API key needs to be in the URL, so the template sets msg.url to{{secret}} - this would trigger the 'doorbell' action (which must be configured in an IFTTT recipe for you), and cleanly inserts the secret key into the URL that will be called.
  4. Output - both dump the msg object out so we can see what we just sent, as well as sending it into the HTTP node to be triggered in IFTTT's system.

Node Info

Version: 0.1.0
Updated 1 year, 8 months ago
License: Apache-2.0


4 in the last day
14 in the last week
123 in the last month


  • secret


  • node-red
  • secret
  • password
  • key
  • api-key


  • shanemadden