Securing n8n

Securing your n8n instance can take several forms.

At a high level, you can:

• Conduct a security audit to identify security risks.
• Set up SSL to enforce secure connections.
• Set up Single Sign-On for user account management.
• Use two-factor authentication (2FA) for your users.
• Enable encryption key rotation to periodically replace the key that encrypts credentials and other sensitive data.
• Enable JWE token decryption for OAuth 2.0 credentials so your identity provider can encrypt access and ID tokens that only your instance can decrypt.

You can also protect sensitive data processed by your workflows:

• Redact execution data to hide input and output data from workflow executions.

More granularly, consider blocking or opting out of features or data collection you don't want:

• Disable the public API if you aren't using it.
• Opt out of data collection of the anonymous data n8n collects automatically.
• Block certain nodes from being available to your users.
• Protect against SSRF attacks to control which hosts and IP ranges workflow nodes can connect to.
• Restrict account registration to email-verified users.

Chat with the docs

This page was Helpful Not helpful

Thanks for your feedback!

Submit