I would like to give other users access to n8n so they can create and update workflows. However I have a problem giving them access if they can just read out passwords from all connected systems.
As long as there is no user management / password store implemented as proposed in the request it would be good if we could have a flag to hide (***) passwords in the credential manager. This way users can use the system but are not able to read the credentials for other systems.
Hey @jwillmer,
Unfortunately, hiding a password behind *** is very easy to bypass. I think a better way of dealing with the whole password issue is to set up a form of two-factor authentication (2FA) so that users can still use the credentials but managers with the 2FA token/kep/app can manage the passwords.
It is not easy to bypass if the server returns ***** instead of the password.
Agreed.
Unfortunately, the *** masking is usually done by the web browser and trivial to bypass. But, I think that n8n can learn from these things.
I’m pretty sure @jwillmer is not referring to using the password input type as protection, but rather not actually returning the credentials from the server at all, just using **** as a literal placeholder value. In lieu of user management and roles, those credentials marked as sensitive could be write-only from the UI?
Welcome to the community @pemontto!
Yes makes sense. Giving more fine-grained control over the credentials (like who can create, delete, update, use, see, …), workflows, … is planned with User Management/User and Privilege Management. We will start to work on that very soon and hope we will have it ready in the next few months:
I think that it’s easy to implement it somehow. When returning the credentials from the server, replace sensitive fields with null or another dummy marker.
The problem I think is that sometimes you want to be able to retrieve this information, so controlling when to hide or not is seems to me to be the implementation issue. I did myself to get some secret in the N8N.
With user management, that could be done logically with per user permission. But for now, I see 2 options: