n8n is an automation control plane that holds API credentials and executes code-like workflow steps. Hardening must focus on credential encryption, webhook exposure controls, and queue-worker separation.
1) Set and protect N8N_ENCRYPTION_KEY
n8n uses N8N_ENCRYPTION_KEY to encrypt credential data.
Required controls:
- set a strong, random N8N_ENCRYPTION_KEY before production go-live
- store the key in secret management, not in plain compose files
- back up key material alongside database backups so restores remain decryptable
2) Enforce secure cookie/session and reverse-proxy settings
n8n documents security-related environment variables for secure cookies and host/protocol trust.
Hardening baseline:
- set N8N_PROTOCOL=https and correct N8N_HOST
- enable secure cookies (N8N_SECURE_COOKIE=true) when using HTTPS
- configure reverse-proxy headers correctly to avoid mixed-protocol/session issues
n8n can expose webhooks publicly, while the editor/admin UI should remain tightly controlled.
Network controls:
- publish webhook endpoint through controlled ingress/WAF
- restrict editor/admin routes to internal VPN or allowlisted IPs
- apply rate limits and request size limits to webhook ingress
4) Use queue mode for workload isolation and blast-radius reduction
For production, n8n supports queue mode with separated worker execution.
Control model:
- run web/editor and workers separately
- limit worker concurrency and outbound egress to required destinations
- monitor queue depth and failed jobs for abuse or runaway flows
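An added example, not code from the n8n project or from this page: a small Python pre-deployment check that audits an environment mapping against the controls in sections 1, 2 and 4. The entropy threshold, the placeholder deny-list and the localhost check are assumptions of this example; EXECUTIONS_MODE is n8n's queue-mode variable and is not named on the page.

```python
import math
from collections import Counter

MIN_KEY_BITS = 100  # assumed policy threshold for this example, not an n8n rule
PLACEHOLDERS = {"changeme", "secret", "password", "n8n"}  # constructed deny-list

def key_entropy_bits(key):
    """Empirical Shannon entropy of the key string, in total bits (a rough floor)."""
    if not key:
        return 0.0
    n = len(key)
    return -sum(c * math.log2(c / n) for c in Counter(key).values())

def audit_n8n_env(env):
    """Return (variable, problem) pairs for an n8n environment mapping."""
    findings = []
    key = env.get("N8N_ENCRYPTION_KEY", "")
    if not key:
        findings.append(("N8N_ENCRYPTION_KEY", "not set explicitly"))
    elif key.lower() in PLACEHOLDERS or key_entropy_bits(key) < MIN_KEY_BITS:
        findings.append(("N8N_ENCRYPTION_KEY", "placeholder or low-entropy value"))
    if env.get("N8N_PROTOCOL", "").lower() != "https":
        findings.append(("N8N_PROTOCOL", "must be https"))
    # Assumption: an unset or loopback host is treated as not yet corrected.
    if env.get("N8N_HOST", "") in ("", "localhost", "0.0.0.0"):
        findings.append(("N8N_HOST", "must be the hostname served by the proxy"))
    if env.get("N8N_SECURE_COOKIE", "").lower() != "true":
        findings.append(("N8N_SECURE_COOKIE", "must be true when serving over HTTPS"))
    if env.get("EXECUTIONS_MODE", "").lower() != "queue":
        findings.append(("EXECUTIONS_MODE", "not queue; no separate worker execution"))
    return findings

# Constructed sample environments; the key below is illustrative, never reuse it.
WEAK = {"N8N_ENCRYPTION_KEY": "changeme", "N8N_PROTOCOL": "http",
        "N8N_HOST": "localhost", "N8N_SECURE_COOKIE": "false"}
HARDENED = {"N8N_ENCRYPTION_KEY": "Qm7xT2pLk9Vw4Zr8Bn3Hy6Jd5Fs1Gc0A",
            "N8N_PROTOCOL": "https", "N8N_HOST": "n8n.example.internal",
            "N8N_SECURE_COOKIE": "true", "EXECUTIONS_MODE": "queue"}

if __name__ == "__main__":
    for name, env in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_n8n_env(env) or "no findings")
```

Pass `dict(os.environ)` from inside the container to check the values the process actually receives, so the key itself never has to appear in a compose file.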
5) Operational governance for credentials and custom code
n8n workflows can run JavaScript/function logic and interact with privileged systems.
Governance controls:
- enforce review for new/changed production workflows
- restrict who can edit credentials and who can activate workflows
- rotate integration tokens periodically and after staff changes
References:
- n8n security configuration: https://docs.n8n.io/hosting/configuration/security/
- n8n environment variables: https://docs.n8n.io/hosting/configuration/environment-variables/
- n8n environment variables (security): https://docs.n8n.io/hosting/configuration/environment-variables/security/
- n8n source repository: https://github.com/n8n-io/n8n
- n8n-hosting examples: https://github.com/n8n-io/n8n-hosting