centersl/n8n-docs
1
0
Fork 0
mirror of https://github.com/n8n-io/n8n-docs.git synced 2026-03-27 09:28:43 +07:00
Code Issues Packages Projects Releases Wiki Activity
Files
0da7ab13e186c91a99b8dd15c2d8a71c36989ac0
n8n-docs/docs/external-secrets.md
Deborah Barnard 0da7ab13e1 add troubleshooting section
2023-08-01 14:59:17 +01:00

3.1 KiB
Raw Blame History

title, description, contentType
title description contentType
External secrets Use an external secrets vault with n8n. howto

External secrets

!!! info "Feature availability" * External secrets are available on Enterprise Self-hosted and Cloud plans. * n8n supports Infisical and HashiCorp Vault. * n8n doesn't support HashiCorp Vault Secrets{:target=_blank .external-link}.

You can use an external secrets vault to manage credentials for n8n.

Connect n8n to your secrets vault

  1. In n8n, go to Settings > External Secrets.

  2. Select your vault provider.

  3. Enter the credentials for your provider:

    • Infisical: provide a Service Token. Refer to Infisical's Service token{:target=_blank .external-link} documentation for information on getting your token. If you self-host Infisical, enter the Site URL.

    !!! note "Infisical environment" Make sure you select the correct Infisical environment when creating your token. n8n will load secrets from this environment, and won't have access to secrets in other Infisical environments.

    • HashiCorp Vault: provide the Base URL for your vault instance, and select your Authentication Method. Enter your authentication details. If you're using a token, refer to HashiCorp's Token management{:target=_blank .external-link} documentation for information on getting your token.

Use secrets in n8n credentials

To use a secret from your vault in an n8n credential:

  1. Create a new credential, or open an existing one.
  2. On the field where you want to use a secret:
    1. Hover over the field.
    2. Select Expression.
  3. In the field where you want to use a secret, enter an expression referencing the secret name: 
    {{ $secrets.<vault-name>.<secret-name> }}
    <vault-name> is either hashicorp or infisical. Replace <secret-name> with the name as it appears in your vault.

Use external secrets with n8n environments

n8n's Source control and environments feature allows you to create different n8n environments, backed by Git. The feature doesn't support using different credentials in different instances. You can use an external secrets vault to provide different credentials for different environments by connecting each n8n instance to a different vault or project environment.

For example, you have two n8n instances, one for development and one for production. You use Infisical for your vault. In Infisical, create a project with two environments, development and production. Generate a token for each Infisical environment. Use the token for the development environment to connect your development n8n instance, and the token for your production environment to connect your production n8n instance.

Troubleshooting

Infisical version changes

Infisical version upgrades can introduce problems connecting to n8n. If your Infisical connection stops working, check if there was a recent version change. If so, report the issue to help@n8n.com.

Reference in New Issue View Git Blame Copy Permalink