Automation is the backbone of modern IT and DevSecOps teams, but when it comes to credential management, security often makes automation tricky. While n8n is fantastic for linking APIs and building complex workflows, interacting directly with the Passbolt API to automate tasks like employee onboarding or password rotation required a lot of manual API calls and custom scripts.
To bridge this gap, I’m excited to introduce the new n8n community node for Passbolt. This integration allows you to seamlessly connect Passbolt's secure, open-source password manager with your favorite tools, right from the n8n canvas.
As an advocate for open-source tools and strong security practices, combining n8n and Passbolt felt like a natural fit. Passbolt’s philosophy is built on security first and open source, which perfectly matches the needs of teams looking to automate their infrastructure without compromising on data privacy.
This node was built to eliminate the friction of manual API manipulation, allowing IT admins, DevOps engineers, and security teams to build secure, automated workflows in minutes rather than hours.
The goal for the alpha release was to cover the core CRUD operations necessary for daily credential management. Here is what the node currently supports:
Having the nodes is great, but what does this look like in practice? Here are a couple of ways you can start using the Passbolt n8n node today:
1. Automated IT Onboarding (Zero-Touch Provisioning) When a new employee is added to your HR system (like BambooHR or Workday), an n8n webhook triggers the workflow. The node automatically creates a dedicated Passbolt folder for the new hire, fetches their user ID, and shares the standard team passwords (e.g., common WiFi, shared marketing accounts, or internal tools) directly with them.
2. Security Alerting & Rotation If an external monitoring tool detects a potential breach or a forced password rotation is triggered, n8n can fetch the specific resource from Passbolt, initiate a script to change the password on the target server, update the resource in Passbolt, and notify the IT team via a communication channel.
Integrating with Passbolt is uniquely challenging because of its strict End-to-End Encryption (E2EE) model. Unlike standard APIs where a simple API key or Bearer token is enough, the n8n node had to be designed to respect Passbolt's zero-knowledge architecture. It needs to act exactly like a legitimate client.
To make this work seamlessly, the node mimics the behavior of the Passbolt browser extension. Within n8n's built-in credential management system, you provide your Passbolt Private Key and Passphrase. The node securely stores these inputs and uses them to authenticate against the Passbolt API, establishing a session via JSON Web Tokens (JWT).
Because n8n securely encrypts these credentials at rest, your private key and passphrase are never exposed in plain text within your workflows. More importantly, this setup ensures that the actual encryption and decryption of your secrets happen locally during the node's execution. The data remains fully encrypted in transit, preserving the End-to-End Encryption model without sacrificing the flexibility of n8n automation.
This is just the beginning. The next steps for the node is to include capabilities like detect password expiration, manage 2FA, manage totp, etc.
I built this for the community, and I’d love to get your feedback. Test it out, break it, and let me know what you think!
Happy automating!
6 min. read
Migrating Android and iOS to Modern UI Architectures: The full modernisation story with insights on testing stability, friction points, benefits and lessons learnt.
7 min. read
Manage healthcare credentials safely at scale. Explore how governance tools support secure hospital operations across teams and vendors without disrupting critical patient care.
Made in Europe. Privacy by default.