Extract all secrets from your instance

This is a small JS script to extract secrets that are store in your n8n instance.

var CryptoJS = require("crypto-js");

// how to get the key?

// docker exec -u node -it n8n-n8n-1 /bin/sh -c 'cat ~/.n8n/config'
// docker exec -u node -it n8n-n8n-1 /bin/sh -c 'cat ~/.n8n/config' | jq -r '.encryptionKey'
const encryptionKey="abcdef"; // should be 32 characters

// how to get the secrets?

// docker exec -u node -it n8n-n8n-1 n8n export:credentials --all > secrets.json
const secrets = require('./secrets.json')

const results=[];

for(const secret of secrets) {
    const item={
        id: secret.id,
        type: secret.type,
        name: secret.name,
        data: CryptoJS.AES.decrypt(secret.data, encryptionKey).toString(CryptoJS.enc.Utf8),

console.log(JSON.stringify(results, null, 2));

The result is something like this:

    "id": "oqiwuzoiquwepoiq",
    "type": "postgres",
    "name": "Postgres account",
    "data": "{\"host\":\"myhost\",\"database\":\"mydatabase\",\"user\":\"myuser\",\"password\":\"mypassword\"}"
1 Like

Thanks for sharing, You can also use the CLI and the command below if an alternative approach is needed.

docker exec -u node -it n8n n8n export:credentials --all --decrypted

1 Like

I did this for “learning” on how to create secrets with openssl without CryptoJS / Javascript.

1 Like