Help understand n8n credentials encryption for backup

Describe the problem/error/question

Hey yall, I’m setting up a backup system for n8n but am a bit confused about how encryption works. My questions are as follows

• If I don’t set an encryption key, my understanding is that it is randomly generated. In this case I spun up a new n8n instance and imported my unencrypted credentials from a previous system - are these now all stored with that random encryption key since I didn’t set one?
• If I now change the encryption key environment variable - will this break my current credentials (ie because they are encrypted with some random key and would be unreadable with the new key or would n8n detect this and move them over to the new key?)
• How can I find out what the random encryption key is so I don’t lose all my credentials (if for example the previous question step goes wrong)?

Thank you!

What is the error message (if any)?

N/A

Please share your workflow

N/A

Share the output returned by the last node

N/A

Information on your n8n setup

• n8n version: 1.99.1
• Database (default: SQLite): default
• n8n EXECUTIONS_PROCESS setting (default: own, main): default
• Running n8n via (Docker, npm, n8n cloud, desktop app): docker
• Operating system: ubuntu

The encryption key can either be in an environment variable (which you would have to set before starting n8n), or it will be generated and stored in the .n8n/config file in the file system where n8n runs.

If you are running in docker and haven’t mapped the n8n runtime home directory to an external volume, the .n8n/config file will be stored in the container’s file system and if the container gets destroyed and recreated, you will lose the encryption key and you would have to re-make all credentials items.

Either set the encryption key in the environment to a value you have saved elsewhere (N8N_ENCRYPTION_KEY={some-text-value-you-know}), or back up the generated .n8n/config file contents.