I need to generate an Hmac signature using a secret key that I’ve stored in a custom credential. The Crypto node has an Hmac function and takes as input the secret key value. So how do I get the key value from the credential store into the Secret field in the Crypto node???
There has to be the ability to store an Hmac secret securely in the credential store AND then use it to generate Hmac signatures.
Accessing the “hidden” part of a credential using any kind of expression would defeat the purpose of having separated credential items in the first place.
I have looked before (out of curiosity) to see if the builtin variables and functions had something like $credential, but it doesn’t. If it did, anyone writing a workflow could peek at keys and passwords using a Set / Edit Fields node, which wouldn’t be very secure.
What @hubschrauber said is correct. But I could see a new feature that allows you to store your secret in a credential entry and then let the node use that under the hood when running thr node.
As far as I know this isnt a feature yet. So would need to crrate a feature request if there isnt one already.
There appears to be an existing feature request for it. Only 3 votes so far (since 2021). Maybe it needs some new energy. The suggested workaround of using $env is only slightly better, but security through obscurity isn’t really a good answer. That still has the same exposure issues.
I’m kinda surprised @BramKn didn’t mention this custom/community node (unless that was written by a totally different guy named Bram… I’m not 100% sure it’s him). It seems like a perfect candidate for adding this kind of feature.
Custom notes can read credentials though, so a custom node could be made to securely read and create the signature.
Kind of like how the JWT node works, I’m surprised that’s not supported by the crypto node yet, seems like a no-brainer that keeping some of those fields private/secure will be a priority.
