Hide credential password

I would like to give other users access to n8n so they can create and update workflows. However I have a problem giving them access if they can just read out passwords from all connected systems.

As long as there is no user management / password store implemented as proposed in the request it would be good if we could have a flag to hide (***) passwords in the credential manager. This way users can use the system but are not able to read the credentials for other systems.

Hey @jwillmer,

Unfortunately, hiding a password behind *** is very easy to bypass. I think a better way of dealing with the whole password issue is to set up a form of two-factor authentication (2FA) so that users can still use the credentials but managers with the 2FA token/kep/app can manage the passwords.

It is not easy to bypass if the server returns ***** instead of the password.

Agreed.

Unfortunately, the *** masking is usually done by the web browser and trivial to bypass. But, I think that n8n can learn from these things.

I’m pretty sure @jwillmer is not referring to using the password input type as protection, but rather not actually returning the credentials from the server at all, just using **** as a literal placeholder value. In lieu of user management and roles, those credentials marked as sensitive could be write-only from the UI?

Welcome to the community @pemontto!

Yes makes sense. Giving more fine-grained control over the credentials (like who can create, delete, update, use, see, …), workflows, … is planned with User Management/User and Privilege Management. We will start to work on that very soon and hope we will have it ready in the next few months:

1 Like

I think that it’s easy to implement it somehow. When returning the credentials from the server, replace sensitive fields with null or another dummy marker.

The problem I think is that sometimes you want to be able to retrieve this information, so controlling when to hide or not is seems to me to be the implementation issue. I did myself to get some secret in the N8N.

With user management, that could be done logically with per user permission. But for now, I see 2 options:

  1. set a flag to hide or not all the fields in all credentials marked as password.
  2. create a flag that is per field per password, like “Write only store”, that those flags are never returned, but the others are.
1 Like