From 873e566489dd11cb3b3db423f37085b3b9e403b5 Mon Sep 17 00:00:00 2001 From: Allan Daemon Date: Thu, 18 Feb 2021 07:32:46 -0300 Subject: [PATCH 1/2] CLI command export credentials: export decrypted option --- packages/cli/commands/export/credentials.ts | 27 ++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/packages/cli/commands/export/credentials.ts b/packages/cli/commands/export/credentials.ts index 6f9038e6cd..d0c2a3a543 100644 --- a/packages/cli/commands/export/credentials.ts +++ b/packages/cli/commands/export/credentials.ts @@ -3,6 +3,11 @@ import { flags, } from '@oclif/command'; +import { + Credentials, + UserSettings, +} from 'n8n-core'; + import { IDataObject } from 'n8n-workflow'; @@ -10,6 +15,7 @@ import { import { Db, GenericHelpers, + ICredentialsDecryptedDb, } from '../../src'; import * as fs from 'fs'; @@ -21,8 +27,9 @@ export class ExportCredentialsCommand extends Command { static examples = [ `$ n8n export:credentials --all`, `$ n8n export:credentials --id=5 --output=file.json`, - `$ n8n export:credentials --all --output=backups/latest/`, + `$ n8n export:credentials --all --output=backups/latest.json`, `$ n8n export:credentials --backup --output=backups/latest/`, + `$ n8n export:credentials --all --decrypted --output=backups/decrypted.json`, ]; static flags = { @@ -46,6 +53,9 @@ export class ExportCredentialsCommand extends Command { separate: flags.boolean({ description: 'Exports one file per credential (useful for versioning). Must inform a directory via --output.', }), + decrypted: flags.boolean({ + description: 'Exports data decrypted / in plain text. ALL SENSITIVE INFORMATION WILL BE VISIBLE IN THE FILES. Use to migrate from a installation to another that have a different secret key (in the config file).', + }), }; async run() { @@ -108,6 +118,21 @@ export class ExportCredentialsCommand extends Command { const credentials = await Db.collections.Credentials!.find(findQuery); + if (flags.decrypted) { + const encryptionKey = await UserSettings.getEncryptionKey(); + if (encryptionKey === undefined) { + throw new Error('No encryption key got found to decrypt the credentials!'); + } + + for (let i = 0; i < credentials.length; i++) { + const c = credentials[i]; + const {name, type, nodesAccess, data} = credentials[i]; + const credential = new Credentials(name, type, nodesAccess, data); + const plainData = credential.getData(encryptionKey); + (credentials[i] as ICredentialsDecryptedDb).data = plainData; + } + } + if (credentials.length === 0) { throw new Error('No credentials found with specified filters.'); } From 7eb849b9f7014afcf947a6d3c053cab452d007db Mon Sep 17 00:00:00 2001 From: Allan Daemon Date: Thu, 18 Feb 2021 07:52:05 -0300 Subject: [PATCH 2/2] CLI import credentials supports decrypted data --- packages/cli/commands/import/credentials.ts | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/packages/cli/commands/import/credentials.ts b/packages/cli/commands/import/credentials.ts index 9d109c5b03..ff9421eb46 100644 --- a/packages/cli/commands/import/credentials.ts +++ b/packages/cli/commands/import/credentials.ts @@ -3,6 +3,11 @@ import { flags, } from '@oclif/command'; +import { + Credentials, + UserSettings, +} from 'n8n-core'; + import { Db, GenericHelpers, @@ -64,7 +69,15 @@ export class ImportCredentialsCommand extends Command { throw new Error(`File does not seem to contain credentials.`); } + const encryptionKey = await UserSettings.getEncryptionKey(); + if (encryptionKey === undefined) { + throw new Error('No encryption key got found to encrypt the credentials!'); + } for (i = 0; i < fileContents.length; i++) { + if (typeof fileContents[i].data === 'object') { + // plain data / decrypted input. Should be encrypted first. + Credentials.prototype.setData.call(fileContents[i], fileContents[i].data, encryptionKey); + } await Db.collections.Credentials!.save(fileContents[i]); } }