Hi,
I have several n8n instances deployed in Kubernetes (using the helm chart by 8gears). All is good, they work quite good, especially considering it’s in a mix of vSphere and Kubernetes.
Each one is running with two dedicated worker pod along with the main one. All separated in dedicated namespace and databases.
My question is: how N8N_BLOCK_ENV_ACCESS_IN_NODE is supposed to work?
The documentation say :
Whether to allow users to access environment variables in expressions and the Code node (false) or not (true).
Which is what I did but found that it does not prevent a code node to access theses variables!
Well the screenshot it quite weird, it clearly print the vars that say it shouldn’t be able to access it! 
I’ve checked manually on all pods and they all have the boolean to true.
Am I missing something? If that’s the expected behavior, how can I prevent user from accessing them?
My concern is that when you print the full env, you can therefor get the path where the secrets are stored and by just rerunning the code node with cat, you retrieve everything!
And that’s a big security concern.
Cheers,
Anthony
Information on your n8n setup
- n8n version: 1.4.1
- Database (default: SQLite): PostgreSQL
- n8n EXECUTIONS_PROCESS setting (default: own, main): main
- Running n8n via (Docker, npm, n8n cloud, desktop app): Kubernetes docker
- Operating system:
