Add ability to get and update a credential or many credentials via the API
My use case:
My customers should be able to manage all of their credentials from a custom UI. On page load I’d like to fetch a list of all credentials related to their user id and allow them to delete or update existing credential properties without touching n8n.
I think it would be beneficial to add this because:
Currently there is not a programmatic way to list credentials or update values (like a new API key or credential name) outside of the n8n UI.
I’m working on an app that shouldn’t require my customers to even know n8n exists. I want them to be able to create and manage credentials via my UI. Currently I can create and delete credentials through the API, but I can’t fetch a current list of them or even update them. Part of the solution might require allowing custom metadata fields on credentials, as the only way to tag credentials to specific users would be in the credential name. I’m imagining the ability to add a ‘userId’ field to the credential object and be able to set this on creation to my customer’s internal id, then later be able to fetch many credentials where userId = customerId.
Thinking some more about this, I suppose technically I could do it on the fly, where on a schedule a credential gets created in n8n, the workflow does some work, then deletes the credential at the end, and repeat. That seems like unnecessary work though that could be avoided with the ability to access and update existing credentials.
I suppose the main motivation is I don’t want to store credentials in my database and would prefer to have them in n8n or possibly a secrets manager. I’m certainly not at enterprise scale yet, but I understand that is an option on that plan.
The API does give you enough options to get this working. The only thing you cannot do is get actual credential values, as this is a bit of a security risk.
Also the enterprise license allows you to store credentials in an external secrets manager.
Keep in mind that for your use case you will need a license. (no idea if you have one of course)
Thanks @BramKn. I might be missing something. I only see three routes for credentials, POST, DEL and GET, but the GET is just for the schema. How would one update a credential?
Agreed about the security risks. I just want to show the user which credentials they already have set up (not the values) and their status and maybe allow them to verify a connection or delete them.
And yes, I’m looking into secrets managers. I don’t yet have a license but would get one.
Ah sorry, thought you could get the schema by ID of the credential or whatever to know what credential is there. For listing credentials you can probably just read the database and list the credentials like that.
For an update you can simply delete and create a new one.
Of course if you are managing the credentials outside of n8n you also know what credentials you should have in there. So as long as you are not deleting anything in n8n it should be fine to just keep track outside of n8n, as you are doing that anyways.
So just store the ID and type I mean.
Verifying connections and such is going to be tricky though, as you would need to do an actual call to the API to make sure it is working.
If you are going for an enterprise license, just get that and use the external secret store.
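The bookkeeping suggested in the reply above (keep only the credential ID and type outside n8n, and treat an update as create plus delete), as an added example that is not part of the original thread and is not n8n code. `FakeN8n` is a constructed stand-in for a client of the POST and DEL credential routes; the class, table and customer names are hypothetical.

```python
import sqlite3

class FakeN8n:
    """Constructed stand-in for a client of the credential POST and DEL routes."""
    def __init__(self):
        self.store, self.seq = {}, 0
    def create(self, name, type_, data):
        self.seq += 1
        self.store[str(self.seq)] = (name, type_, data)
        return str(self.seq)
    def delete(self, cred_id):
        del self.store[cred_id]

class CredentialIndex:
    """Keeps only id, owner, type and name; secret values are passed to n8n and never stored here."""
    def __init__(self, api, path=":memory:"):
        self.api, self.db = api, sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS creds (n8n_id TEXT PRIMARY KEY, owner TEXT, type TEXT, name TEXT)")

    def create(self, owner, name, type_, data):
        n8n_id = self.api.create(name, type_, data)
        with self.db:
            self.db.execute("INSERT INTO creds VALUES (?,?,?,?)", (n8n_id, owner, type_, name))
        return n8n_id

    def list_for(self, owner):
        rows = self.db.execute("SELECT n8n_id, type, name FROM creds WHERE owner=? ORDER BY name", (owner,))
        return [{"id": i, "type": t, "name": n} for i, t, n in rows]

    def _owned(self, owner, n8n_id):
        # Check ownership of every id a customer submits; the API key itself is not scoped per customer.
        row = self.db.execute("SELECT type, name FROM creds WHERE n8n_id=? AND owner=?", (n8n_id, owner)).fetchone()
        if row is None:
            raise PermissionError("no such credential for this user")
        return row

    def delete(self, owner, n8n_id):
        self._owned(owner, n8n_id)
        self.api.delete(n8n_id)
        with self.db:
            self.db.execute("DELETE FROM creds WHERE n8n_id=?", (n8n_id,))

    def update(self, owner, n8n_id, data):
        # Create the replacement first so a failed create leaves the old credential in place.
        type_, name = self._owned(owner, n8n_id)
        new_id = self.api.create(name, type_, data)
        with self.db:
            self.db.execute("UPDATE creds SET n8n_id=? WHERE n8n_id=?", (new_id, n8n_id))
        self.api.delete(n8n_id)
        return new_id
```

Because the replacement credential gets a new ID, anything that referenced the old ID has to be repointed after `update`.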
Thanks for this. That is encouraging. I didn’t spot that previous discussion in my search.
I do think there would be use in having a get method for credentials as well, eventually.
In the meantime, assuming credentials are in n8n cloud, is the database accessible from outside of n8n? While I imagine I could dedicate a workflow to query PostgreSQL for credentials and sort of make my own API, I’d rather fetch the data directly from my app.