Merged · Size: M · Change breakdown: Feature 70%, Config 30%

#28329 feat: Add deployment_key table, entity, repository, and migration

Encryption key storage lands in n8n database

A new deployment_key table provides centralized storage for encryption keys, supporting data encryption, signing, and fingerprint key types. The table enforces that only one active key of each type can exist at a time.

n8n is laying the groundwork for encryption key rotation with a new database table purpose-built for key storage. The deployment_key table stores cryptographic material with support for multiple key types — data_encryption, signing variants, and instance identifiers — each with status tracking and deprecation timestamps.

The schema includes a partial unique index ensuring only one active key per type exists at any moment. This constraint prevents scenarios where multiple competing keys could create ambiguity during cryptographic operations.

The entity comes with a repository providing query methods: findActiveByType retrieves the currently active key for a given type, while findAllByType returns the full history for auditing or rotation workflows. Migration scripts are registered for both PostgreSQL and SQLite databases.

This infrastructure sits within the broader encryption key rotation initiative tracked in the project, with the data model designed to support future key lifecycle management features.
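The partial unique index can be exercised directly against SQLite, one of the two databases the migration targets. This is an added example, not code from the n8n PR: the DDL is reconstructed from the column list and index predicate in the PR description on this page, and the Python helper names, the `deprecated` status value, the `signing` type string and the placeholder key values are assumptions. It also shows that the index, with the predicate the PR description gives, leaves other key types unconstrained.

```python
import sqlite3

# Schema reconstructed from the PR's column list (assumption, not the project's migration).
SCHEMA = """
CREATE TABLE deployment_key (
    id VARCHAR(36) PRIMARY KEY,
    type VARCHAR(64) NOT NULL,
    value TEXT NOT NULL,
    algorithm VARCHAR(20),
    status VARCHAR(20) NOT NULL,
    deprecatedAt DATETIME,
    createdAt DATETIME DEFAULT CURRENT_TIMESTAMP,
    updatedAt DATETIME DEFAULT CURRENT_TIMESTAMP
);
CREATE UNIQUE INDEX IDX_deployment_key_data_encryption_active
    ON deployment_key (type)
    WHERE status = 'active' AND type = 'data_encryption';
"""
INSERT = "INSERT INTO deployment_key (id, type, value, status) VALUES (?, ?, ?, ?)"

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def add_key(db, key_id, key_type, status="active"):
    """Insert a key row; return False when the partial unique index rejects it."""
    try:
        with db:  # commit on success, roll back on error
            db.execute(INSERT, (key_id, key_type, "constructed-placeholder", status))
        return True
    except sqlite3.IntegrityError:
        return False

def rotate(db, key_type, new_id):
    """Deprecate the active key and activate its successor in one transaction."""
    with db:
        db.execute(
            "UPDATE deployment_key SET status = 'deprecated', "  # status value assumed
            "deprecatedAt = CURRENT_TIMESTAMP WHERE type = ? AND status = 'active'",
            (key_type,))
        db.execute(INSERT, (new_id, key_type, "constructed-placeholder", "active"))

def active_ids(db, key_type):
    """IDs of all rows of this type whose status is 'active'."""
    rows = db.execute("SELECT id FROM deployment_key WHERE type = ? "
                      "AND status = 'active' ORDER BY id", (key_type,))
    return [r[0] for r in rows]
```

Running the deprecate-then-insert steps in a single transaction means a failed insert rolls the deprecation back, so the previous key stays active.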

Original GitHub Description

Summary

Adds the deployment_key table as pure DB infrastructure for the encryption key rotation epic. The deployment_key table is intended as a generic key store for various keys, including data_encryption, signing, and fingerprint, to support the various activities within n8n.

What's added:

  • DeploymentKey TypeORM entity extending WithTimestampsAndStringId (id, createdAt, updatedAt inherited)
  • Columns: type (varchar 64), value (text), algorithm (varchar 20, nullable), status (varchar 20), deprecatedAt (datetime, nullable)
  • DeploymentKeyRepository with findActiveByType, findById, and findAllByType methods
  • Migration 1777000000000-CreateDeploymentKeyTable registered for both SQLite and PostgreSQL
  • Partial unique index IDX_deployment_key_data_encryption_active on type where status = 'active' AND type = 'data_encryption' — enforces at most one active data_encryption key at a time

Related Linear tickets, GitHub issues, and Community forum posts

https://linear.app/n8n/issue/IAM-484

Review / Merge checklist

  • PR title and summary are descriptive. (conventions)
  • Docs updated or follow-up ticket created.
  • Tests included.
  • PR Labeled with Backport to Beta, Backport to Stable, or Backport to v1 (if the PR is an urgent fix that needs to be backported)
  • I have seen this code, I have run this code, and I take responsibility for this code.
© 2026 · via Gitpulse