Without making any changes to settings.js file, I can see two JSON documents in .node_red folder - one for the flows and other for credentials. For example, flows_ip-xxx-xxx-xx-xx_cred.json and flows_ip-xxx-xx-xx-xx.json. Then, there is a field as credentialSecret in the settings.js file.
On a fresh Node-RED installation, suppose, I manually copied flows_ip-xxx-xx-xx-xx.json only, from an earlier installation, followed by a restart. I will copy into a different_name.json that is also mentioned for the flowFile property. Then, are the credentials still copied over but encrypted with a (different) auto-generated password? In which case, if I defined a common value for credentialSecret option in settings.js for both installations, the nodes would get correct credentials in the new installation?
I should probably be using the projects option; but, until then, I want to figure out the credentials behavior.
If you do not set a credentialSecret in settings.js then Node-RED will create a key the first time it starts and store it in the hidden file called .config.runtime.json in the user directory.
This key will be used to encrypt the flows_creds.json to protect the credentials file.
If you need to move a flow to a new machine then you can copy the _credentialSecret value from .config.runtime.json to the credentialSecret in the new settings.js to allow it to decrypt the existing credentials file.
If you are starting from scratch then you can choose to define your own credentialSecret in the settings.js on both machines to allow them to decrypt a common flow_creds.json file.
And yes the new project feature makes this a lot easier.