multicorn

Lesson 5 of 5

Self-hosting and managing credentials

Run n8n on your own server and manage API keys securely.

14 min read

What you will do

Understand when self-hosting makes sense, how to set it up, and how to manage credentials safely.

When to self-host

n8n Cloud is the easiest option: managed infrastructure, automatic updates, built-in credential encryption. Self-hosting makes sense when:

  • Data sovereignty. Your company requires that data stays on servers you control, in a specific region.
  • Cost at scale. The Community Edition is free with unlimited executions. If you run tens of thousands of workflows per month, self-hosting can be dramatically cheaper than cloud.
  • Custom integrations. You need to run custom code nodes that access internal services not exposed to the internet.

If none of these apply, stay on Cloud. The operational overhead of self-hosting (server maintenance, backups, updates, monitoring) is real.

Set up with Docker

The most common self-hosting path uses Docker.

  1. Install Docker on your server.
  2. Run the n8n Docker image. The official image is n8nio/n8n.
  3. Map a persistent volume for the database (n8n uses SQLite by default, but you can configure PostgreSQL for production).
  4. Set the encryption key environment variable (N8N_ENCRYPTION_KEY). This key encrypts credentials at rest. If you lose it, you lose access to all stored credentials.
  5. Configure HTTPS. Run n8n behind a reverse proxy (Nginx, Caddy) with a valid TLS certificate. Never expose n8n over plain HTTP.

Manage credentials

n8n stores credentials (API keys, OAuth tokens, database passwords) in an encrypted database. Treat this database and its encryption key with the same care as any secrets vault.

  • Never commit the encryption key to version control.
  • Back up the credentials database. If the database is lost and you do not have a backup, you will need to re-enter every credential.
  • Rotate API keys regularly. If an API key is compromised, revoke it immediately and update the credential in n8n.
  • Use environment variables for sensitive configuration (database URL, encryption key, SMTP credentials). Do not hardcode them in configuration files.

Secure the web interface

n8n's web editor is a powerful tool. Anyone with access can view, edit, and run workflows. Protect it:

  • Set up basic auth or LDAP/SSO (available in the Enterprise self-hosted edition).
  • Restrict network access. Run n8n on a private network and use a VPN or IP allowlist.
  • Keep n8n updated. Security patches are released regularly.

What you should see

If you followed the Docker setup: an n8n instance running on your own server, accessible over HTTPS, with encrypted credential storage.

If you stayed on Cloud: an understanding of when self-hosting becomes worth the trade-off, and confidence that Cloud handles the security basics for you.

What comes next

You now have a working n8n agent workflow with triggers, AI nodes, error handling, and (optionally) a self-hosted deployment. Run it for a week, watch the execution logs, and refine.

For a broader view of how other platforms compare, see the agent platform comparison guide.

Your progress saves in this browser only. Clearing site data will reset it.

You finished n8n. How was it?

Your feedback is anonymous unless you provide an email.

Course rating (required)
Would you recommend this course to someone else?