The Node-RED editor is a very powerful tool for creating Node-RED applications. When you are providing a solution based on Node-RED it's important to protect the editor for a various reasons. The method is documented here:

https://nodered.org/docs/security

The procedure is:

  1. Pick a login and password.
  2. Use the bcryptjs package to encrypt the password.
  3. Uncomment adminAuth section in the settings.js file.

Here's an example.

Install the bcryptjs module:

$ sudo npm install -g bcryptjs

Generate the password:

$ node -e "console.log(require('bcryptjs').hashSync(process.argv[1], 8));" the-password
$2a$08$e4bvU/bvAyEUWL50HRKi3egMY8x1jFkavqBcbPaOFgCWdzRbGX/5S

Uncomment the adminAuth section and include the username and password:

adminAuth: {
    type: "credentials",
    users: [{
        username: "admin",
        password: "$2a$08$e4bvU/bvAyEUWL50HRKi3egMY8x1jFkavqBcbPaOFgCWdzRbGX/5S",
        permissions: "*"
    }]
},

Restart Node-RED.

Access the Node-RED editor, enter the login and password.