Keep secrets out of your n8n backups.
n8n workflows are full of secrets — API keys and tokens hardcoded in HTTP headers, auth fields, and node parameters. The moment you export or back up a workflow, those secrets travel with it. Keel strips them first.
Your workflow JSON is leakier than it looks
Export a workflow and you'll often find a bearer token in a header or an API key in a node parameter, sitting in plain text. Commit that to Git or paste it in a ticket and you've leaked a credential — usually without realizing it.
How Keel protects your secrets
Redaction before it leaves
Secrets are stripped on the agent — in your environment — before anything is stored, committed, or sent.
Catches hidden secrets
Not just obvious fields: bearer tokens, provider keys, JWTs, URL credentials, and secrets tucked in name/value header pairs.
Your API key never leaves
The n8n API key stays on your box and is used locally; it's never part of any payload.
See it for yourself
There's a live, in-browser demo where you paste a workflow and watch the secrets get masked.
Find out what changed before your client does.
Keel runs a lightweight agent next to your n8n — snapshots, diffs, alerts, and rollback, with your secrets and API key never leaving your box. Free forever on one instance.
Questions
Do n8n exports contain secrets?
Often yes — credentials hardcoded in headers or node parameters are exported in plain text. That's exactly what Keel redacts before storing or committing anything.
Can I see what gets redacted?
Yes — paste a workflow into the free in-browser demo at keel.tools/tools/n8n-redact and watch the secrets get stripped.
Does my n8n API key ever leave my server?
No. The agent uses it locally to read metadata; it never appears in any payload sent to Keel.
See every change before it breaks a client.
Point Keel at your n8n estate this week. Free 14-day trial, no card, your keys never leave your infrastructure.