Node-Red: Secure with password

This article  is a sequel of our Node-Red series of tutorials and focuses on Securing of Node-Red with a password. We can restrict access to node red with one or multiple user accounts.

Add a user account:

  • Navigate to the .node-red folder where Node-Red is installed.
    • Normally the location is /IP_ADDRESS/Pi Home/pi/.node-red.
  • Open the settings.js file and edit the adminAuth property by navigating down the file.
//adminAuth: {
    //    type: "credentials",
    //    users: [{
    //        username: "admin",
    //        password: "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.",
    //        permissions: "*"
    //    }]
  • Remove the // comment characters.
adminAuth: {
        type: "credentials",
        users: [{
            username: "admin",
            password: "$2a$08$zZWtXTja0fB1pzD4sHCMyOCMYz2Z6dNbM6tl8sJogENOMcxWV9DN.",
            permissions: "*"
  • Change username as desired.
  • SSH the device using PuTTY.
  • Generate hash using the command;
    • For Node-RED 1.1.0 or later node-red admin hash-pw.
    • For older versions of Node-RED node-red-admin hash-pw.

  • Copy the hash from PuTTY and paste it against password in adminAuth property.
  • Save the file.
  • Restart the Node-Red sudo systemctl restart nodered.
  • Now Node-Red will ask for the username and password as expected.

0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x