feat: External Secrets storage for credentials (#6477)

Github issue / Community forum post (link here to close automatically): --------- Co-authored-by: Romain Minaud <romain.minaud@gmail.com> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Csaba Tuncsik <csaba@n8n.io> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com>
2023-08-25 11:33:46 +03:00
parent c833078c87
commit ed927d34b2
89 changed files with 4164 additions and 57 deletions
--- a/packages/cli/src/credentials/credentials.service.ts
+++ b/packages/cli/src/credentials/credentials.service.ts
@@ -309,7 +309,10 @@ export class CredentialsService {
 			if (!prop) {
 				continue;
 			}
-			if (prop.typeOptions?.password) {
+			if (
+				prop.typeOptions?.password &&
+				(!(copiedData[dataKey] as string).startsWith('={{') || prop.noDataExpression)
+			) {
 				if (copiedData[dataKey].toString().length > 0) {
 					copiedData[dataKey] = CREDENTIAL_BLANKING_VALUE;
 				} else {
--- a/packages/cli/src/credentials/oauth2Credential.api.ts
+++ b/packages/cli/src/credentials/oauth2Credential.api.ts
@@ -34,6 +34,8 @@ import config from '@/config';
 import { getInstanceBaseUrl } from '@/UserManagement/UserManagementHelper';
 import { Container } from 'typedi';

+import * as WorkflowExecuteAdditionalData from '@/WorkflowExecuteAdditionalData';
+
 export const oauth2CredentialController = express.Router();

 /**
@@ -81,12 +83,15 @@ oauth2CredentialController.get(
 			throw new ResponseHelper.InternalServerError((error as Error).message);
 		}

+		const additionalData = await WorkflowExecuteAdditionalData.getBase(req.user.id);
+
 		const credentialType = (credential as unknown as ICredentialsEncrypted).type;

 		const mode: WorkflowExecuteMode = 'internal';
 		const timezone = config.getEnv('generic.timezone');
 		const credentialsHelper = new CredentialsHelper(encryptionKey);
 		const decryptedDataOriginal = await credentialsHelper.getDecrypted(
+			additionalData,
 			credential as INodeCredentialsDetails,
 			credentialType,
 			mode,
@@ -107,6 +112,7 @@ oauth2CredentialController.get(
 		}

 		const oauthCredentials = credentialsHelper.applyDefaultsAndOverwrites(
+			additionalData,
 			decryptedDataOriginal,
 			credentialType,
 			mode,
@@ -223,11 +229,13 @@ oauth2CredentialController.get(
 			}

 			const encryptionKey = await UserSettings.getEncryptionKey();
+			const additionalData = await WorkflowExecuteAdditionalData.getBase(state.cid);

 			const mode: WorkflowExecuteMode = 'internal';
 			const timezone = config.getEnv('generic.timezone');
 			const credentialsHelper = new CredentialsHelper(encryptionKey);
 			const decryptedDataOriginal = await credentialsHelper.getDecrypted(
+				additionalData,
 				credential as INodeCredentialsDetails,
 				(credential as unknown as ICredentialsEncrypted).type,
 				mode,
@@ -235,6 +243,7 @@ oauth2CredentialController.get(
 				true,
 			);
 			const oauthCredentials = credentialsHelper.applyDefaultsAndOverwrites(
+				additionalData,
 				decryptedDataOriginal,
 				(credential as unknown as ICredentialsEncrypted).type,
 				mode,