OpenCore - credentials api

Hi,

Can the credentials stores inside Credentials entity on opencore, be retrieved via nodeapi? I’ve checked the api docs, there doesn’t seem to be a get credentials method. There is such method in openrpa though, but it would be helpful to have that available for coded flows as well.

Thanks

Ok, it seems that the creds are simply stored in openrpa collection, type credential. Can get that with a simple query. Not the most secure way of storing them since they are visible in clear, but works for now :sweat_smile:

1 Like

They are NOT stored in clear text, that is the whole point. With sensitive data, you want to make sure it’s stored encrypted inside the database, so if the database gets compromised, you cannot read it. So you use Access Control Lists to decide who can see it, and we use AES256 encryption to ensure if someone compromises the database they cannot read it.

Not sure if there was a regression to this.

This is on app.openiap.io.
Same on selfhosted 1.5.12.5

f**k … the _encrypt field is missing on created credentials …

I have push a new version to https://app.openiap.io and pushed a new version as :latest to docker hub that fixes the missing _encrypt field on new credentials

1 Like

It does have an _encrypt key know, but password still visible.

This is how a credentials system works: when you create or fetch a credential, you’re doing so with the correct access rights, and the system returns the decrypted value only because you’re authorized to use it.

The credentials themselves are stored encrypted in the database using AES-256, and access is tightly controlled via ACLs. So while it may look like the password is “just there,” it’s actually being decrypted securely on-demand, because without that, the credential wouldn’t be usable in automation or scripting contexts.

That’s essentially what a credential manager is supposed to do: keep things encrypted at rest, and only decrypt when explicitly requested by someone who has the right permissions.

1 Like

Got it. Thanks Allan

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.