Security environment variables
Configure authentication and environment variable access in self-hosted n8n instance.
Security environment variables
File-based configuration
You can add _FILE to individual variables to provide their configuration in a separate file. Refer to Keeping sensitive data in separate files for more details.
| Variable | Type | Default | Description |
|---|---|---|---|
N8N_BLOCK_ENV_ACCESS_IN_NODE | Boolean | false | Whether to allow users to access environment variables in expressions and the Code node (false) or not (true). |
N8N_BLOCK_FILE_ACCESS_TO_N8N_FILES | Boolean | true | Set to true to block access to all files in the .n8n directory and user defined configuration files. |
N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS | Boolean | false | Set to true to try to set 0600 permissions for the settings file, giving only the owner read and write access. |
N8N_RESTRICT_FILE_ACCESS_TO | String | Limits access to files in these directories. Provide multiple files as a semicolon-separated list (";"). | |
N8N_SECURITY_AUDIT_DAYS_ABANDONED_WORKFLOW | Number | 90 | Number of days to consider a workflow abandoned if it's not executed. |
N8N_CONTENT_SECURITY_POLICY | String | {} | Set Content-Security-Policy headers as helmet.js nested directives object. For example, { "frame-ancestors": ["http://localhost:3000"] } |
N8N_SECURE_COOKIE | Boolean | true | Ensures that cookies are only sent over HTTPS, enhancing security. |
N8N_SAMESITE_COOKIE | Enum string: strict, lax, none | lax | Controls cross-site cookie behavior (learn more):
|
N8N_GIT_NODE_DISABLE_BARE_REPOS | Boolean | false | Set to true to prevent the Git node from working with bare repositories, enhancing security. |
N8N_GIT_NODE_ENABLE_HOOKS | Boolean | false | Set to true to allow the Git node to execute Git hooks. |
Last updated on