practically a continuation of How to use credentials in the request header of a REST GET
Currently, you cannot work with Knime without exposing the credential / token if you need to combine it if a prefix like "Bearer " or similar.
you cannot
- manipulate the credential password upfront because there is no functionality to e.g. concat a string with a password or two passwords into a new one (protected password credential).
- insert the credentials password into the basic authentications password field via flow variable because it accepts only string type (and doesnt support credentials type)
- you cannot combine the credentials password in the request header with a prefix like "Bearer ". you can only pass a constant, flow var, credentials username OR credentials password.
it would be great if there would be a bit more attention to handling of sensitive data.