User role telemetry added to secrets events

ireneea

·Apr 13, 2026·#27431feat(core): Add userRole and feature-enabled telemetry for external secrets

User role is now captured in credential and external secrets telemetry events, enabling role-based adoption analysis across the platform.

External secrets and credential telemetry now include the user's role, making it possible to segment feature adoption by permission level. Previously, these events only tracked user IDs, leaving role-based analysis impossible. The changes add user role to events across secret provider connections (created, updated, deleted, tested, reloaded), credential operations, and custom role management. A new event fires when external secrets system roles are toggled on or off. In the frontend, telemetry identify calls now pass user role through to tracking traits, ensuring consistent role attribution across both client and server telemetry. This enables platform administrators to understand which roles are adopting features and where documentation or training efforts should be targeted.

View Original GitHub DescriptionFact Check

Fact Check Notice: The PR description mentions "check the network tabs when creating or updating a credential" for testing frontend events, but no test files are visible in the file changes. The description also claims 'user_role' is added to ALL credential events (created, updated, deleted, tested, reloaded), but the diff only shows changes to credentials-created and credentials-updated handlers — deleted, tested, and reloaded handlers don't appear to include userRole in the visible changes.

Summary

Adds user_role to all credential and external secrets connection events (created, updated, deleted, tested, reloaded)
- added user_role to frontend events via context.traits
Adds uses_external_secrets to credential created/updated events to track secret adoption
Adds new external-secrets-system-roles-toggled event when the feature is toggled on/off
Adds custom role CRUD telemetry events (created, updated, deleted)

Testing frontend events

check the network tabs when creating or updating a credential
you should see telemetry/proxy/v1/track requests, and in their payload you should see context.traits.user_role

Testing backend events

You can create a simple node http server to echo the telemetry events (see code below) Then start your n8n instance as usual but add this env var: N8N_DIAGNOSTICS_CONFIG_BACKEND="whateverkey;http://localhost:9090" Then you can make changes to credentials, custom roles and exetrnal secrets and check that the telemetry events are sent with the right data.

// echo-server.js
const http = require('http');
http.createServer((req, res) => {
  let body = '';
  req.on('data', chunk => body += chunk);
  req.on('end', () => {
    console.log(`\n--- ${req.method} ${req.url} ---`);
    if (body) {
      try {
        const parsed = JSON.parse(body);
        console.dir(parsed, { depth: null, colors: true });
      } catch (e) {
        console.error('Failed to parse JSON body:', e);
        console.log(body);
      }
    }
    res.writeHead(200).end('ok');
  });
}).listen(9090, () => console.log('Telemetry server on :9090'));

Related Linear tickets, Github issues, and Community forum posts

https://linear.app/n8n/issue/LIGO-380

Review / Merge checklist

I have seen this code, I have run this code, and I take responsibility for this code.
PR title and summary are descriptive. (conventions)
Docs updated or follow-up ticket created.
Tests included.
PR Labeled with release/backport (if the PR is an urgent fix that needs to be backported)