Free n8n Credential Scanner - Find Exposed Secrets | 2025
🔒 n8n Security Scanner

Free Credential Scanner - Find Exposed Secrets in Workflows

Detect hardcoded API keys, passwords, and sensitive data before it's too late.

Secret Detection
Pre-Deploy Check
Security Report


What Is a Credential Scanner?

A credential scanner analyzes your workflow JSON to find exposed secrets like API keys, passwords, tokens, and other sensitive data. It checks Code nodes, HTTP Request headers, and expression values for patterns that match common credential formats. This prevents accidental exposure when sharing workflows or deploying to production.

Why Credential Security Matters in n8n

Hardcoded credentials in workflows are a major security risk. When you share workflow JSON for troubleshooting, export to a repository, or deploy to a shared n8n instance, those credentials are exposed. Attackers actively scan public repositories for leaked API keys. One exposed credential can compromise your entire system.

n8n Credential Security Best Practices

  • Always use n8n's built-in Credentials store instead of hardcoding
  • Never paste API keys directly into Code or HTTP Request nodes
  • Review workflow JSON before sharing with anyone
  • Use environment variables for sensitive configuration
  • Rotate credentials if they've ever been exposed
  • Enable n8n's credential encryption in self-hosted instances

Frequently Asked Questions

What types of secrets does the scanner detect?

The scanner detects API keys (Stripe, AWS, OpenAI, etc.), OAuth tokens, passwords, private keys, webhook secrets, and other credential patterns. It uses pattern matching to identify common secret formats found in Code nodes, HTTP headers, and configuration values.
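
The kind of pattern-matching pass described here and under "What Is a Credential Scanner?", as an added example (not this tool's own code): it walks every string under each node's parameters in an exported workflow, applies a few illustrative regexes, and redacts matches in the report. The rule set, the sample workflow and its fake secret-shaped values are constructed for illustration.

```javascript
// Illustrative patterns only; a production scanner carries many more, tuned per provider.
const PATTERNS = [
  { id: "aws-access-key-id", re: /\bAKIA[0-9A-Z]{16}\b/g },
  { id: "stripe-live-secret", re: /\bsk_live_[0-9A-Za-z]{24,}\b/g },
  { id: "private-key-block", re: /-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----/g },
  { id: "bearer-token", re: /\bBearer\s+[A-Za-z0-9._~+\/-]{20,}=*/g },
  { id: "assigned-secret", re: /\b(?:password|secret|api[_-]?key|token)\b\s*[:=]\s*["'][^"'\s]{8,}["']/gi },
];

// Report enough to locate the value without copying the secret into the report.
const redact = (s) => (s.length <= 8 ? "****" : `${s.slice(0, 4)}...(${s.length} chars)`);

// Recursively visit every string under a node's parameters, tracking its JSON path.
function* strings(value, path) {
  if (typeof value === "string") yield [path, value];
  else if (Array.isArray(value)) for (const [i, v] of value.entries()) yield* strings(v, `${path}[${i}]`);
  else if (value && typeof value === "object")
    for (const [k, v] of Object.entries(value)) yield* strings(v, `${path}.${k}`);
}

function scanWorkflow(workflow) {
  const findings = [];
  for (const node of workflow.nodes ?? [])
    for (const [path, text] of strings(node.parameters ?? {}, "parameters"))
      for (const { id, re } of PATTERNS)
        for (const m of text.matchAll(re))
          findings.push({ node: node.name, path, rule: id, match: redact(m[0]) });
  return findings;
}

// Constructed sample workflow; the secret-shaped values are fake and assembled from fragments.
const FAKE_AWS = "AKIA" + "EXAMPLEEXAMPLE00";
const FAKE_STRIPE = "sk_live_" + "0".repeat(24);
const sampleWorkflow = {
  nodes: [
    { name: "Charge", type: "n8n-nodes-base.code",
      parameters: { jsCode: `const apiKey = "${FAKE_STRIPE}";\nreturn items;` } },
    { name: "Upload", type: "n8n-nodes-base.httpRequest",
      parameters: { url: "https://example.invalid/upload", headerParameters: { parameters: [
        { name: "X-Key", value: FAKE_AWS },
        { name: "Authorization", value: "=Bearer {{ $env.UPLOAD_TOKEN }}" } ] } } },
  ],
};

console.log(scanWorkflow(sampleWorkflow));
```

The Code node value is reported twice, once by the provider rule and once by the generic assignment rule, which is overlap a reviewer has to de-duplicate; the `$env` expression in the Authorization header is not flagged.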

Are my credentials safe when I use this tool?

We process your workflow JSON to scan for patterns but don't store your data. However, if your workflow already contains exposed credentials, you should rotate them after securing the workflow. The act of pasting them anywhere creates risk.

What if the scanner finds false positives?

Some patterns may trigger false positives (like test keys or example values). Review each finding to determine if it's a real credential. When in doubt, treat it as real and move the value to n8n's secure Credentials store.

How should I fix exposed credentials?

First, rotate the exposed credential in the source service. Then move the credential to n8n's built-in Credentials store and reference it using $credentials or the appropriate node credential selector. Never hardcode credentials in Code nodes.

Is this scanner free to use?

Yes, completely free with no signup required. Security is critical for automation, and we want to help the n8n community avoid credential exposure. For security audits or remediation help, we offer professional consulting services.
