How to Secure Node-RED Flow

Password Hashing with "node-red admin hash-pw":

Node-RED provides a command-line tool, node-red admin hash-pw, to generate hashed passwords. Using hashed passwords adds an extra layer of security compared to storing plain-text passwords. To generate a hashed password, run node-red admin hash-pw from the command line.

You'll be prompted to enter and confirm the desired password. The tool will then output the hashed version, which you can use in the Node-RED settings.

Updating settings.js:

The next step is to add the hashed password to the Node-RED settings.js file. Locate the settings.js file in your Node-RED installation directory (example: C:\Users\Parrot\.node-red). Open the file in a text editor and look for the section related to admin authentication (adminAuth).

    adminAuth: {
        type: "credentials",
        users: [
            {
                username: "admin",
                password: "hashed_password_here",
                permissions: "*",
            },
        ],
    },

Replace "hashed_password_here" with the output generated by the "node-red admin hash-pw" command. This configuration specifies that the Node-RED editor is protected with a username ("admin") and the corresponding hashed password.
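A check that the edit above was done correctly, as an added example that is not part of the original post or of Node-RED itself: it flags any adminAuth user whose password is not a bcrypt-format hash (plain text or the unreplaced placeholder), any duplicate username, and any hash with a low cost factor. The function name auditAdminAuth, the minCost threshold and the sample data are assumptions of this example.

```javascript
// Added example: audit the users of a Node-RED adminAuth block.
// bcrypt string layout: $2a$/$2b$/$2y$ + two-digit cost + $ + 53 chars (salt and digest).
const BCRYPT_RE = /^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$/;

// Returns a list of { user, issue } findings; an empty list means no problem was found.
// minCost is an assumption of this example; 8 matches the $08$ hashes shown on this page.
function auditAdminAuth(adminAuth, minCost = 8) {
    if (!adminAuth || adminAuth.type !== "credentials" || !Array.isArray(adminAuth.users)) {
        return [{ user: null, issue: "adminAuth is missing, commented out, or not type credentials" }];
    }
    const findings = [];
    const seen = new Set();
    for (const u of adminAuth.users) {
        if (seen.has(u.username)) {
            findings.push({ user: u.username, issue: "duplicate username" });
        }
        seen.add(u.username);
        const m = BCRYPT_RE.exec(String(u.password));
        if (!m) {
            // Catches plain-text passwords and the unreplaced "hashed_password_here" placeholder.
            findings.push({ user: u.username, issue: "password is not a bcrypt hash" });
        } else if (Number(m[1]) < minCost) {
            findings.push({ user: u.username, issue: `bcrypt cost ${Number(m[1])} is below ${minCost}` });
        }
    }
    return findings;
}

// Constructed sample data (not real hashes): correct shape, filler characters.
const fakeHash = (cost) => `$2b$${cost}$` + "A".repeat(53);
const goodAuth = { type: "credentials", users: [
    { username: "root", password: fakeHash("08"), permissions: "*" },
    { username: "admin", password: fakeHash("08"), permissions: "read" },
] };
const badAuth = { type: "credentials", users: [
    { username: "admin", password: "hashed_password_here", permissions: "*" },
    { username: "admin", password: fakeHash("04"), permissions: "read" },
] };

console.log(auditAdminAuth(goodAuth));
console.log(auditAdminAuth(badAuth));
```

To check a real file, pass the adminAuth property of the object that settings.js exports, for example auditAdminAuth(require("./settings.js").adminAuth).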

I have renamed the original settings.js file to settings.txt.

Conclusion:

By following these steps, you can significantly enhance the security of your Node-RED flows. Password hashing contributes to a more robust and protected environment, reducing the risk of unauthorized access and potential security breaches. Regularly update your Node-RED installation and review security best practices to stay ahead of evolving threats in the ever-changing landscape of IoT and automation.

Download Section:

Original settings.js file

    /** To password protect the Node-RED editor and admin API, the following
     * property can be used. See https://nodered.org/docs/security.html for details.
     */
    //adminAuth: {
    //    type: "credentials",
    //    users: [{
    //        username: "admin",
    //        password: "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.",
    //        permissions: "*"
    //    }]
    //},

Modified settings.js file with 2 users

    /** To password protect the Node-RED editor and admin API, the following
     * property can be used. See https://nodered.org/docs/security.html for details.
     */
    adminAuth: {
        type: "credentials",
        users: [{
            username: "root",
            password: "$2b$08$YmUXCFPWF4n3ft70T0PNB.tGQfz3HIk2ih4lIOYc.dNiampvoGdlK",
            permissions: "*"
        },
        {
            username: "admin",
            password: "$2b$08$X2dXd/ZkxbTfsrS3uPncM.Qq8o6YEat/R3uh9UPISLZLTzDeZdzGS",
            permissions: "read"
        }]
    },
