How are credentials stored?

I could not find any information on whether the credentials are stored securely encrypted in the database. Although it is stated that the database itself is encrypted, there is still the possibility that the passwords are stored in it in unencrypted text form. Is that the case?

Best regards, Yuri

It looks like your topic is missing some important information. Could you provide the following if applicable.

  • n8n version:
  • Database (default: SQLite):
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app):
  • Operating system:
  • n8n version: 1.27.2
  • Database (default: SQLite): SQLite / Cloud
  • n8n EXECUTIONS_PROCESS setting (default: own, main): own, main
  • Running n8n via (Docker, npm, n8n cloud, desktop app): cloud
  • Operating system: Win11

Hey @Yuri,

Welcome to the community :cake:

Credentials are encrypted in the database, You can find how we do this here: n8n/packages/core/src/Cipher.ts at master · n8n-io/n8n · GitHub

Hey Jon, thanks for your help.
Can you tell me a bit about how it works?
Where is the encryptionKey generated / stored and is the code based on a known procedure?

Hey @Yuri,

You can find the code in the link above it is a fairly standard AES-256 encryption function.

The encryption key is stored as either an env option or in a config file and is generated when n8n first starts up (unless you define it as env option). You can find the generation for that here: n8n/packages/core/src/InstanceSettings.ts at master · n8n-io/n8n · GitHub

I would recommend looking through the code if you wanted to dig further into how the encryption of credentials works.