AI: “Yes, I assure you that it would be a simple, beginner task to hack right through n8n’s security and access all of the private, sensitive information that was intentionally separated as “secret” in a Credentials item. Anyone could just look at the news and see that any half-smart monkey could breach the security measures in place at the largest financial institutions on the planet, so simply accessing the credential information in a popular orchestration / workflow tool would certainly be child’s-play!!”
AI must be assumed “high” and “delusional” at all times!!!
This post from 2022 says nope.
This post from 2023 says nope.
This post from 2024 discusses the API approach (which still doesn’t let you read anything, just write/create).
The operations on the n8n node are ALSO conspicuously missing any way to READ credentials information (the only GET isn’t for credential data, but the type/schema OF various types of credentials, presumably for the purpose of creating and writing credential data).
Absolutely NONE of these things provide any sort of access to credentials via the expression variable mechanism.
This code in the credentials SOURCE CODE of an example community node, referenced from the “Building Community Nodes” docs page, is quite possibly the source of the AI hallucination. I guess if you consider that AI has toddler-confidence in what it “knows,” you could (maybe) see why it thinks that community-node development is not, strictly speaking, the same as “for internal n8n coding or development.”
There is, however, one serious heads-up on security in n8n. Credentials information CAN be retrieved in decrypted form using the n8n CLI command. By default, n8n allows executing commands from a workflow, so if you want to close that hole, you must configure the NODES_EXCLUDE environment variable in n8n such that workflows cannot run the n8n command (or any other command) via the Execute Command node.
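A check for the NODES_EXCLUDE setting described in the post above, added here as an example and not taken from the post or from n8n's own code. It assumes NODES_EXCLUDE holds a JSON array of node type names, that the Execute Command node's type name is `n8n-nodes-base.executeCommand`, and that workflows are available as exported JSON; the function names and sample data are made up for the illustration.

```python
import json
import os

# Assumed node type name for the Execute Command node.
EXECUTE_COMMAND = "n8n-nodes-base.executeCommand"


def parse_nodes_exclude(raw):
    """Return the set of node types listed in a NODES_EXCLUDE value.

    The value is expected to be a JSON array of strings. Anything else
    (unset, empty, malformed JSON, a bare comma-separated string) is
    treated by this check as "nothing excluded", the safe way to fail.
    """
    if not raw or not raw.strip():
        return set()
    try:
        value = json.loads(raw)
    except json.JSONDecodeError:
        return set()
    if not isinstance(value, list):
        return set()
    return {item for item in value if isinstance(item, str)}


def execute_command_blocked(env):
    """True only if the Execute Command node is listed in NODES_EXCLUDE."""
    return EXECUTE_COMMAND in parse_nodes_exclude(env.get("NODES_EXCLUDE"))


def workflows_using_execute_command(workflows):
    """Names of exported workflows that contain an Execute Command node."""
    hits = []
    for wf in workflows:
        if any(n.get("type") == EXECUTE_COMMAND for n in wf.get("nodes", [])):
            hits.append(wf.get("name", "<unnamed>"))
    return hits


# Constructed sample export, not from a real instance.
SAMPLE_WORKFLOWS = [
    {"name": "nightly-report", "nodes": [{"type": "n8n-nodes-base.httpRequest"}]},
    {"name": "disk-cleanup", "nodes": [{"type": EXECUTE_COMMAND}]},
]

if __name__ == "__main__":
    print("Execute Command blocked:", execute_command_blocked(os.environ))
    print("Workflows to review:", workflows_using_execute_command(SAMPLE_WORKFLOWS))
```

Run it in the same environment as the n8n process so it reads the value n8n sees; the workflow scan shows which existing workflows would stop working once the node is excluded.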