Hi everyone,
I am working on a local security setup for my Chrome Extension and n8n workflow, and I would like to get feedback before I build the next version and write the next tutorial.
This is the current reference article:
Recently, I was reading IBM’s article on crypto-agility:
Crypto-agility and quantum-safe readiness | IBM Quantum Computing Blog
It made me think about a simple question:
How can I make my current secure setup easier to evolve later, without turning it into an overengineered enterprise crypto system?
My current setup
My project is intentionally simple:
• one Chrome Extension
• one Native Messaging Host
• one local n8n workflow
• HMAC-based request validation
• replay protection with timestamp / nonce checks
• local trust boundary
• no secrets exposed in the extension
So this is not a multi-workflow platform. It is just one local secure flow.
Why I am thinking about crypto-agility
My understanding of crypto-agility is not “change algorithms for the sake of it.”
For me, it means:
• making cryptographic choices easier to update later,
• avoiding hardcoded validation logic everywhere,
• keeping future migration options open,
• and being able to change keys or crypto details without rewriting the whole workflow.
For a small local project, I do not think full crypto-agility is necessary.
What I am considering is light crypto-agility.
What I mean by “light crypto-agility”
Not a full enterprise architecture.
Not a sidecar.
Not a crypto gateway.
Not multiple algorithm providers.
Just a small improvement to make the current setup easier to maintain later.
That means:
• keeping validation in one place
• keeping secrets out of code
• optionally adding a kid or version field later
• making future changes easier
• avoiding repeated crypto logic
This seems like a good balance for a small business or local project: a useful upgrade, but still simple.
My proposed v2.0 direction
Current flow
Light crypto-agility flow
The goal is not to create extra complexity.
The goal is to make the security layer cleaner and easier to evolve later.
What I want feedback on
My main question is:
For a local one-extension / one-workflow setup, does light crypto-agility make sense, or is it already too much?
I think it is worth doing because:
• it gives a small but real improvement,
• it keeps the architecture maintainable,
• and it avoids overengineering.
But I would like to hear what others think before I build v2.0.
Does this feel like the right balance for a local secure setup?
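
The "validation in one place, with an optional kid" idea from the post, sketched as an added example that is not part of the original post or the author's project: a single Node.js verifier that looks up the algorithm and secret by `kid` and applies the HMAC, timestamp and nonce checks together. The envelope fields (`kid`, `ts`, `nonce`, `body`, `sig`), the key table, the 60-second window and all key values are assumptions constructed for illustration.

```javascript
// Added example: envelope fields, names and key values are assumptions.
const crypto = require("node:crypto");

// kid -> algorithm + secret. Real secrets would be loaded from the environment
// or a local file outside the code; these are constructed values.
const KEYS = {
  v1: { alg: "sha256", secret: "constructed-secret-v1" },
  v2: { alg: "sha512", secret: "constructed-secret-v2" },
};
const MAX_SKEW_MS = 60_000;    // accepted clock difference
const seenNonces = new Map();  // nonce -> timestamp, for replay detection

function mac(kid, ts, nonce, body) {
  const key = KEYS[kid];
  // kid is covered by the MAC, so it cannot be swapped without detection
  return crypto.createHmac(key.alg, key.secret)
    .update(`${kid}\n${ts}\n${nonce}\n${body}`).digest("hex");
}

// Sender side (the Native Messaging Host in the post's setup)
function sign(kid, body, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString("hex");
  return { kid, ts: now, nonce, body, sig: mac(kid, now, nonce, body) };
}

// Receiver side: the only place that knows about algorithms and keys
function verify(req, now = Date.now()) {
  if (!Object.prototype.hasOwnProperty.call(KEYS, req.kid))
    return { ok: false, reason: "unknown kid" };
  if (!Number.isFinite(req.ts) || Math.abs(now - req.ts) > MAX_SKEW_MS)
    return { ok: false, reason: "stale timestamp" };
  // Fixed nonce format keeps the newline-delimited MAC input unambiguous
  if (!/^[0-9a-f]{32}$/.test(String(req.nonce)))
    return { ok: false, reason: "bad nonce" };
  const expected = Buffer.from(mac(req.kid, req.ts, req.nonce, req.body), "hex");
  const given = Buffer.from(String(req.sig), "hex");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected))
    return { ok: false, reason: "bad signature" };
  // Forget nonces whose timestamp would be rejected anyway, then check replay
  for (const [n, t] of seenNonces) if (now - t > MAX_SKEW_MS) seenNonces.delete(n);
  if (seenNonces.has(req.nonce)) return { ok: false, reason: "replayed nonce" };
  seenNonces.set(req.nonce, req.ts);
  return { ok: true, kid: req.kid };
}
```

Rotating a key or moving to another hash then means adding one entry to `KEYS` and having the sender use the new `kid`; the old entry is removed once no sender uses it.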

