The idea is:
Implement built-in support for AWS SSM Parameter Store as an external secrets provider in n8n, allowing users to configure Parameter Store paths and have n8n fetch secrets at runtime.
My use case:
I run n8n on Kubernetes with secrets in AWS SSM Parameter Store and want n8n to load these parameters directly into credential fields without storing them in environment variables or the database.
I think it would be beneficial to add this because:
- Centralized secret management: Leverage AWS SSM Parameter Store for all n8n secrets, reducing duplication and risk.
- Dynamic updates: n8n could poll Parameter Store using
N8N_EXTERNAL_SECRETS_UPDATE_INTERVALto refresh secrets without redeployment. - Fine-grained access control: Use IAM policies to restrict which parameters n8n can read.
- Cost-effective alternative: Parameter Store is cheaper than Secrets Manager for key-value secrets.
- Enterprise integration: Complements n8n’s external secrets feature available on Enterprise plans.
Any resources to support this?
- AWS SSM Parameter Store API docs: GetParameter - AWS Systems Manager