fix: remove hardcoded credentials and add security documentation

- Remove hardcoded API key and URL from debug-n8n-auth.ts
- Require environment variables with proper validation
- Add comprehensive SECURITY.md with best practices
- Address security concerns raised in issue #18

The SecureKeyGuard alert was a false positive (mistaking "validate_workflow"
for "VAULT_TOKEN"), but the review uncovered actual hardcoded credentials
that have now been removed.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
czlonkowski
2025-07-06 17:46:10 +02:00
parent ebd646737a
commit 35e4cf0da4
2 changed files with 103 additions and 2 deletions

@@ -7,8 +7,14 @@ import { config } from 'dotenv';
config();
async function debugN8nAuth() {
const apiUrl = process.env.N8N_API_URL || 'https://n8n.energyhouse.com.pl';
const apiKey = process.env.N8N_API_KEY || 'n8n_api_f94c0b3fb3bf1a3a690f37bb0c5c0de43c7b690c0a33c88b6baaa37ae896dc96';
const apiUrl = process.env.N8N_API_URL;
const apiKey = process.env.N8N_API_KEY;
if (!apiUrl || !apiKey) {
console.error('Error: N8N_API_URL and N8N_API_KEY environment variables are required');
console.error('Please set them in your .env file or environment');
process.exit(1);
}
console.log('Testing n8n API Authentication...');
console.log('API URL:', apiUrl);
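
Review bot: The key literal on the old `const apiKey = process.env.N8N_API_KEY || '...'` line stays readable in repository history (and on this commit page) after the change, so it should be revoked and reissued in n8n rather than only deleted from the file; neither the hunk nor the commit message says that was done. In the new guard, `if (!apiUrl || !apiKey)` only tests for presence: consider parsing `apiUrl` with `new URL()` and rejecting anything that is not `https:` before the key is sent to it, and naming which of the two variables is missing in the error text. Logging `apiUrl` as the hunk does is fine, but `apiKey` should stay out of any comparable debug output in this script.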