Fetching API keys from secrets.yaml.gotmpl

Hello, we have a helm based deployment which means there are some api keys encrypted inside secrets.yaml.gotmpl file.
Now, for a use case let’s say we want to use the api key in ‘Sendgrid’ node to set up its credentials.
Can anyone suggest what will be the best possible way to do this, so that we can use that api key from secrets file and there is no trace / logs regarding that key elsewhere in the workflow.

Currently, the only approach that we’ve found is using a ‘Set’ node to extract the api key from the env using the expression: {{ $env[“SENDGRID_API_KEY”] }} and then using it in the Sendgrid node credential. It is working this way but I am not sure about the security of the key in this scenario.

Also, directly {{ $env[“SENDGRID_API_KEY”] }} is not working inside the Sendgrid node.
Any suggestions would be really helpful in this case.

Hi @Nitish_Kumar, welcome to the community!

it sounds like you’ve figure it out mostly. You can use expressions in your credentials, and this would currently be the only way to configure the authentication.

Credentials are not part of your workflow execution logs. If you’re curious about the exact data stored by n8n you can check the execution_entity table of your n8n database. Credentials are only referenced by type, id, and name, but not by content:

image

Hope this helps!

1 Like

Thanks @MutedJam, got it.
The expression is working in the credentials also.

1 Like