I have to move my workflows and credentials from one installation to another. I was using simple coping of the
.n8n files (
database.sqlite), but after a lot of messing around, there were strange errors that got introduced, so I decided to get a clean slate and just import the workflows data. Doing testing the offending workflows by hand it showed that the clean slate helped.
Then I used the CLI export and import commands (https://docs.n8n.io/reference/start-workflows-via-cli.html#credentials) for workflows and credentials to a fresh installed N8N setup. It went ok, successfully imported everything, but when I tried to use it I got errors on decoding the credentials.
Turns out the
export:credentials command just copies the database entries as JSON, and does not export them. So when importing, as the new installation has a different secret key, they fail to decrypt them.
I was really surprised by this behavior, and it seems to be a bug. I was going to open it on Github issues but as I was told to try to do things around here, I’m posting it here.
I think it’s easy to solve this, and I was going to do it and open a PR. But first, I need to check about the design decisions about this.
The CLI command
n8n export:credentials and
n8n import:credentials just copy the database data, but doesn’t really export them, as they are saved in the exported format encrypted with the instance private key.
So they are not suitable for exporting and importing, as different instances usually have different private keys.
I think this is not what people would expect from these commands. I understand the import similar to manual import/export, like downloading the workflow as JSON and importing, or copying manually the credentials values.
I would like to fix this and open a PR, but first I want to check with the authors about it.
- For fixing it, just decrypting on export and encrypting on import would be enough?
- Is the current behavior desired in any way? If so, should a flag be added to the command to tell it to keep it encrypted?