Gitpulse
Merged
Size
L
Change Breakdown
Feature70%
Refactor30%
#27675feat(core): Improve custom auth JSON masking, preserve shape, redact leaf values

Custom auth JSON credentials now preserve shape when redacted

Custom auth JSON credentials now preserve shape when redacted
GU
guillaumejacquart
·Apr 1, 2026

Credential editors can now see the structure of their JSON auth data after saving — keys remain visible while values are masked with ***, and the field stays directly editable.

When developers save HTTP custom authentication credentials in n8n, the JSON field is now intelligently redacted. Previously, the entire JSON payload disappeared behind a blanking sentinel, leaving users with an empty field and an "Edit" button to clear and refill everything. Now the backend parses the JSON and replaces only the leaf values with *** while preserving the original structure — keys, nested objects, and array indices stay visible.

This means credential editors can see exactly what fields exist in their auth payload without exposing sensitive values. Adding a new key or changing a value works directly in the editor without clearing the field. On save or test, the system merges the edited JSON intelligently: leaves still set to *** are restored from the saved credential, while any changed values are preserved as entered.

The change applies to the backend credential service handling save/test operations and the frontend credential edit interface. A new redactJsonLeaves option can be applied to any credential JSON field to enable this behavior.

View Original GitHub Description

Summary

Improves the masking of httpCustomAuth credentials' JSON field. Previously, the entire JSON value was replaced with a single blanking sentinel, losing the structure. Now:

  • Backend (redact): parses the JSON and replaces every leaf value with ***, preserving the key/object structure so users can see what keys exist
  • Backend (unredact): merges the edited JSON on save/test — leaves still set to *** are restored from the saved credential, changed values are kept
  • Frontend: detects the shaped-redacted JSON and displays it as-is in the editor, allowing direct editing without clearing the field first
  • Reload after save: credential data is re-fetched after saving so the redacted shape is immediately visible

The redaction logic was also refactored for clarity: redactValues is now a thin wrapper over redactSensitiveProperties (schema-based blanking) and redactJsonObject (leaf-level JSON redaction), with extensive tests covering deep nesting, arrays, type changes, key deletion and addition.

Demo

https://www.loom.com/share/a212bb7d491f4834a72d4146356ce154

Related Linear tickets, Github issues, and Community forum posts

https://linear.app/n8n/issue/IAM-408

Review / Merge checklist

  • PR title and summary are descriptive. (conventions)
  • Docs updated or follow-up ticket created.
  • Tests included.
  • PR Labeled with Backport to Beta, Backport to Stable, or Backport to v1 (if the PR is an urgent fix that needs to be backported)
© 2026 · via Gitpulse