n8n-nodes-encryption

A secure, fast, and reliable n8n node for encrypting and decrypting strings using AES-256-GCM.

Features

• AES-256-GCM Encryption: Industry-standard authenticated encryption
• Fast: Hardware-accelerated on modern CPUs
• Secure: 256-bit encryption with authentication tags to prevent tampering
• Secret Generation: Generate cryptographically secure keys
• Flexible: Use credentials or expressions for the secret key

Security

This node uses:

• AES-256-GCM: Authenticated encryption that ensures both confidentiality and integrity
• PBKDF2: Key derivation with 100,000 iterations for password-based keys
• Random IV: Each encryption uses a unique 12-byte initialization vector
• 16-byte Auth Tag: Detects any tampering with the encrypted data

Operations

1. Generate Secret

Generate a cryptographically secure 256-bit secret key.

Output formats:

• Hex: 64 characters (default)
• Base64: 44 characters

2. Encrypt

Encrypt multiple fields at once using AES-256-GCM. Works like the Set node - add as many fields as you need!

Inputs:

• Secret Source: Choose between credentials or expression
• Fields to Encrypt: Add multiple field mappings
  • Input Value: The value to encrypt (use expressions like {{ $json.email }})
  • Output Field Name: Name for the encrypted output field

Output: Base64-encoded encrypted data containing salt, IV, auth tag, and ciphertext.

3. Decrypt

Decrypt multiple encrypted fields at once.

Inputs:

• Secret Source: Choose between credentials or expression
• Fields to Decrypt: Add multiple field mappings
  • Encrypted Value: The encrypted value (use expressions like {{ $json.encryptedEmail }})
  • Output Field Name: Name for the decrypted output field

Output: Original plaintext for each field

Multi-Field Example

Encrypt email and phone in a single node:

1. Add field: {{ $json.email }} → encryptedEmail
2. Add field: {{ $json.phone }} → encryptedPhone
3. Add field: {{ $json.ssn }} → encryptedSSN

All three fields are encrypted with the same key in one operation.

Installation

In n8n

1. Go to Settings > Community Nodes
2. Select Install
3. Enter n8n-nodes-encryption
4. Click Install

Manual Installation

# In your n8n installation directory
npm install n8n-nodes-encryption

Development

# Clone the repository
git clone <repo-url>
cd n8n-encrypt

# Install dependencies
npm install

# Build the node
npm run build

# Link to n8n for development
npm link
cd ~/.n8n/nodes
npm link n8n-nodes-encryption

Usage Example

Encrypting an Email Before Sending to AI

1. Generate Secret (one time):

   • Add Encryption node
   • Select "Generate Secret" operation
   • Run to get your secret key
   • Store the secret in credentials

2. Encrypt Sensitive Data:

   • Add Encryption node before your AI agent
   • Select "Encrypt" operation
   • Use credentials for the secret
   • Input: {{ $json.email }}
   • Output: encrypted field with encrypted email

3. Decrypt Response:

   • Add Encryption node after your AI agent
   • Select "Decrypt" operation
   • Use the same credentials
   • Input: {{ $json.encrypted }}
   • Output: decrypted field with original email

Best Practices

1. Store secrets securely: Use n8n credentials, never hardcode secrets
2. Same secret for encrypt/decrypt: Use the same secret key for both operations
3. Backup your secrets: Encrypted data cannot be recovered without the secret
4. Use credentials mode: Preferred over expression mode for better security

Technical Details

• Algorithm: AES-256-GCM
• Key Length: 256 bits (32 bytes)
• IV Length: 96 bits (12 bytes) - NIST recommended for GCM
• Auth Tag: 128 bits (16 bytes)
• Key Derivation: PBKDF2-SHA256 with 100,000 iterations
• Salt Length: 128 bits (16 bytes)

License

MIT