How to secure n8n with basic auth?

Learn how to secure your n8n instance with basic auth using simple steps to protect workflows and keep your automation environment safe.

Matt Graham, CEO of Rapid Developers

The simplest and correct way to secure n8n with Basic Auth is to set two environment variables where n8n runs: N8N_BASIC_AUTH_ACTIVE=true and a username/password via N8N_BASIC_AUTH_USER and N8N_BASIC_AUTH_PASSWORD. Once you restart n8n, anyone visiting the n8n editor or any endpoint that is not a webhook must enter this Basic Auth username and password.

What Basic Auth in n8n Actually Does

Basic Auth in n8n protects the n8n editor UI and the REST API. It does not protect public webhooks. n8n webhooks always stay public unless you secure them yourself with keys, signatures, or custom logic in the workflow.

Basic Auth is essentially a “login wall” your browser shows before you can see the n8n UI. It’s not fancy, but it’s reliable and simple, which is why it’s the recommended minimum security when your instance is exposed to the internet.
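What the "login wall" exchanges on every request, as an added example (not code from this page or from n8n): the Authorization header is only Base64-encoded user:password, so anyone who can read the request can read the password. The function names and sample credentials are constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Parse an "Authorization: Basic <base64(user:password)>" value (RFC 7617).
// Returns { user, password }, or null when the header is missing or malformed.
function parseBasicAuth(header) {
  if (typeof header !== 'string') return null;
  const m = /^Basic +([A-Za-z0-9+/]+={0,2})$/i.exec(header.trim());
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // only the first colon splits user from password
  if (sep === -1) return null;
  return { user: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Constant-time comparison; hashing first gives both sides the same length.
function safeEqual(a, b) {
  const digest = (s) => crypto.createHash('sha256').update(s, 'utf8').digest();
  return crypto.timingSafeEqual(digest(a), digest(b));
}

// Status a login wall would return: 200 when both fields match, 401 otherwise.
function checkRequest(header, expectedUser, expectedPassword) {
  const creds = parseBasicAuth(header);
  if (!creds) return 401;
  const userOk = safeEqual(creds.user, expectedUser);
  const passOk = safeEqual(creds.password, expectedPassword);
  return userOk && passOk ? 200 : 401;
}

// Constructed sample: the header a browser sends for admin / "s3cr3t:with:colons".
const sampleHeader =
  'Basic ' + Buffer.from('admin:s3cr3t:with:colons').toString('base64');

// Decoding needs no key, which is why the header must only travel over HTTPS.
console.log(parseBasicAuth(sampleHeader));
console.log(checkRequest(sampleHeader, 'admin', 's3cr3t:with:colons'));
console.log(checkRequest(sampleHeader, 'admin', 'wrong-password'));
```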

How to Enable Basic Auth (Production‑safe Setup)

You secure n8n with Basic Auth by setting the following environment variables wherever n8n runs (Docker, server, or cloud):

# Enable Basic Auth
export N8N_BASIC_AUTH_ACTIVE=true

# Choose your login username
export N8N_BASIC_AUTH_USER=admin

# Choose a strong password
export N8N_BASIC_AUTH_PASSWORD="a-strong-password"

If you use Docker, these variables go into your docker run command or your docker-compose.yml file. After setting them, restart the n8n service so the settings take effect.

Example: Docker Compose Setup

services:
  n8n:
    image: n8nio/n8n
    environment:
      N8N_BASIC_AUTH_ACTIVE: "true"          # turn Basic Auth on
      N8N_BASIC_AUTH_USER: "admin"           # login username
      N8N_BASIC_AUTH_PASSWORD: "myPassword"  # login password
    ports:
      - "5678:5678"

After restarting:

  • Your browser will prompt for username and password when you open n8n.
  • API access also requires this Basic Auth.

Important Things to Know (Real‑world Experience)

  • This does NOT secure your webhooks. Webhooks stay public so external systems (Stripe, Notion, Slack, etc.) can call them. If you need to secure a webhook, do it inside the workflow using signatures or shared keys.
  • Use HTTPS. Basic Auth sends credentials with every request. Without HTTPS, they travel unencrypted.
  • Don’t commit these values to git. Store them in environment variables or a secret manager.
  • Works with the editor + API only. It doesn’t change execution of workflows or trigger behavior.
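One way to do the webhook check from the first bullet, as an added example (not code from this page or from n8n): verify an HMAC-SHA256 signature over the raw request body with a shared secret, and reject old timestamps to limit replay. The header format `t=<unix seconds>,v1=<hex HMAC>`, the function names, and all sample values are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumed scheme: sender signs `${timestamp}.${rawBody}` with a shared secret.
function signPayload(secret, rawBody, timestamp) {
  return crypto
    .createHmac('sha256', secret)
    .update(`${timestamp}.${rawBody}`)
    .digest('hex');
}

// Returns { ok, reason }. nowSec is passed in so the check is testable.
function verifyWebhook(secret, rawBody, header, nowSec, toleranceSec = 300) {
  const fields = {};
  for (const part of String(header || '').split(',')) {
    const i = part.indexOf('=');
    if (i > 0) fields[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  const ts = Number(fields.t);
  if (!Number.isInteger(ts) || !/^[0-9a-f]{64}$/.test(fields.v1 || '')) {
    return { ok: false, reason: 'malformed' };
  }
  // Reject captured requests that are replayed outside the tolerance window.
  if (Math.abs(nowSec - ts) > toleranceSec) {
    return { ok: false, reason: 'stale' };
  }
  const expected = Buffer.from(signPayload(secret, rawBody, ts), 'hex');
  const given = Buffer.from(fields.v1, 'hex');
  // Both buffers are 32 bytes here, as timingSafeEqual requires.
  if (!crypto.timingSafeEqual(expected, given)) {
    return { ok: false, reason: 'bad-signature' };
  }
  return { ok: true, reason: 'verified' };
}

// Constructed sample request (not real data).
const WEBHOOK_SECRET = 'constructed-shared-secret';
const RAW_BODY = '{"event":"invoice.paid","id":"evt_constructed_1"}';
const NOW = 1700000000;
const SIG_HEADER = `t=${NOW},v1=${signPayload(WEBHOOK_SECRET, RAW_BODY, NOW)}`;

console.log(verifyWebhook(WEBHOOK_SECRET, RAW_BODY, SIG_HEADER, NOW));
console.log(verifyWebhook(WEBHOOK_SECRET, RAW_BODY + ' ', SIG_HEADER, NOW));
```

The signature must be computed over the exact bytes received; re-serializing parsed JSON before hashing can change the bytes and make valid requests fail.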

Why This Matters in Production

Running n8n without Basic Auth on a public URL is unsafe. Bots and scanners will find the endpoint within hours and hammer it. Basic Auth is the minimum layer of protection you should always enable before exposing n8n to the internet. It’s lightweight, built-in, and doesn’t interfere with workflows or operations.

This setup keeps your instance protected while staying simple, predictable, and fully supported by n8n.
