It would be great if we could have secrets fed in from env vars. Right now n8n requires you to create a
credential_entity thereby requiring you to manage your database contents like you manage your deployment secrets.
But IRL many of the deployment secrets are stored outside the database; you simply don’t want to pass along machine credentials with the backup files, since the backup files are handled by one type of person/role in a company, but secrets are handled by another.
Furthermore, having the credentials as env vars or files, would make it much easier to do gitops and save them as cipher text in the repo (for decryption by a k8s controller upon deployment)