> For the complete documentation index, see [llms.txt](https://docs.n8n.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.n8n.io/administer/manage-credentials/credential-overwrites.md).

# Credential overwrites

Credential overwrites let you set credential data globally. This data isn't visible to users, but n8n uses it automatically in the background - for example, to enable OAuth login using a "Connect" button without exposing client secrets.

In the Editor UI, n8n hides all overwritten fields by default, so users can authenticate with OAuth using the "Connect" button on the credential.

For the environment variables used to configure credential overwrites, refer to [Credentials environment variables](/deploy/host-n8n/configure-n8n/basic-configuration/use-environment-variables/credentials.md).

## Using environment variables <a href="#using-environment-variables" id="using-environment-variables"></a>

Set `CREDENTIALS_OVERWRITE_DATA` to `{ CREDENTIAL_NAME: { PARAMETER: VALUE }}`.

{% hint style="warning" %}
This approach isn't recommended. Environment variables aren't protected in n8n, so the data can leak to users.
{% endhint %}

## Using the REST API <a href="#using-the-rest-api" id="using-the-rest-api"></a>

The recommended approach is to load the data using a custom REST endpoint.

1. Set `CREDENTIALS_OVERWRITE_ENDPOINT` to the path where the endpoint should be available:<br>

   ```sh
   export CREDENTIALS_OVERWRITE_ENDPOINT=send-credentials
   ```

   Optionally, set `CREDENTIALS_OVERWRITE_ENDPOINT_AUTH_TOKEN` to require a bearer token for accessing the endpoint.

   <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p>Without an auth token, the endpoint can only be called once for security reasons.</p></div>
2. Prepare a JSON file with the credentials to overwrite. For example, `oauth-credentials.json` for Asana and GitHub:

   ```json
   {
       "asanaOAuth2Api": {
           "clientId": "<id>",
           "clientSecret": "<secret>"
       },
       "githubOAuth2Api": {
           "clientId": "<id>",
           "clientSecret": "<secret>"
       }
   }
   ```
3. Send the file to your n8n instance:

   ```sh
   curl -H "Content-Type: application/json" --data @oauth-credentials.json http://localhost:5678/send-credentials
   ```

   If `CREDENTIALS_OVERWRITE_ENDPOINT_AUTH_TOKEN` is set to `secure-token`:

   ```sh
   curl -H "Content-Type: application/json" -H "Authorization: Bearer secure-token" --data @oauth-credentials.json http://localhost:5678/send-credentials
   ```

{% hint style="info" %}
Credentials can extend other credentials. For example, `googleSheetsOAuth2Api` extends `googleOAuth2Api`. You can set parameters on the parent (`googleOAuth2Api`) and all child credentials will use them.
{% endhint %}

## Persistence <a href="#persistence" id="persistence"></a>

To store credential overwrites in the database and propagate them to all workers in multi-instance or queue mode, enable:

```sh
export CREDENTIALS_OVERWRITE_PERSISTENCE=true
```

When enabled, n8n stores the encrypted overwrites in the `settings` table and broadcasts a `reload-overwrite-credentials` event so workers reload the latest values. When disabled, overwrites remain in memory on the process that loaded them and n8n doesn't propagate them to workers or preserve them across restarts.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.n8n.io/administer/manage-credentials/credential-overwrites.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.