Hi everyone.
Here’s a short tip on how to use credentials in n8n to prevent them being leaked by accident when pasting the workflow to the forum for example.
Let’s assume we want to execute a HTTP Request using a Bearer token, one simple way to do it (and I have done this mistake myself too often) is to add a header to the http request like this:
This however will treat the header as any other header and not take into consideration there is a secret in there that should be treated as such.
If I now Paste this workflow here:
You will see that it took the super secret token Baerer ejy000ffFooBar and pasted it to the workflow.
What you should do instead is to the Authentication section in the http request:
And first check if your service is listed under the “Predefined Credential Type”
If not, go ahead to the “Generic Credential Type”, choose header auth and create a new credential.
Last step is to remove the previous header
If I would now paste the workflow here, the credentials will NOT be pasted
instead just a reference to the existing header auth which is saven in your n8n an thus won’t leak the password or token to the public.
"credentials": {
"httpHeaderAuth": {
"id": "KMMPXy8cnZJnOa5Q",
"name": "Example Header Auth"
This comes with the additional advantage that you have the credential saved globaly for your instance. If you need to use that credential again you just need to select it, if you need to update it, then you will have just one place where to go and update the credential.