Extract all secrets from your instance

Tips & Tricks
1

This is a small JS script to extract secrets that are store in your n8n instance.

var CryptoJS = require("crypto-js");


// how to get the key?

// docker exec -u node -it n8n-n8n-1 /bin/sh -c 'cat ~/.n8n/config'
// docker exec -u node -it n8n-n8n-1 /bin/sh -c 'cat ~/.n8n/config' | jq -r '.encryptionKey'
const encryptionKey="abcdef"; // should be 32 characters

// how to get the secrets?

// docker exec -u node -it n8n-n8n-1 n8n export:credentials --all > secrets.json
const secrets = require('./secrets.json')

const results=[];

for(const secret of secrets) {
    const item={
        id: secret.id,
        type: secret.type,
        name: secret.name,
        data: CryptoJS.AES.decrypt(secret.data, encryptionKey).toString(CryptoJS.enc.Utf8),
    };
    results.push(item);
}

console.log(JSON.stringify(results, null, 2));

The result is something like this:


[
  ...
  {    
    "id": "oqiwuzoiquwepoiq",
    "type": "postgres",
    "name": "Postgres account",
    "data": "{\"host\":\"myhost\",\"database\":\"mydatabase\",\"user\":\"myuser\",\"password\":\"mypassword\"}"
  },
  ...
}
1 Like
2

Thanks for sharing, You can also use the CLI and the command below if an alternative approach is needed.

docker exec -u node -it n8n n8n export:credentials --all --decrypted
1 Like
3

I did this for “learning” on how to create secrets with openssl without CryptoJS / Javascript.

1 Like