> For the complete documentation index, see [llms.txt](https://docs.n8n.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.n8n.io/deploy/host-n8n/configure-n8n/security.md).

# Security

Securing your n8n instance can take several forms.

At a high level, you can:

* Conduct a [security audit](/deploy/host-n8n/configure-n8n/security/run-security-audits.md) to identify security risks.
* [Set up SSL](/deploy/host-n8n/configure-n8n/security/set-up-ssl.md) to enforce secure connections.
* [Set up Single Sign-On](/deploy/host-n8n/configure-n8n/security/configure-sso.md) for user account management.
* Use [token exchange](https://github.com/n8n-io/n8n-docs/blob/main/hosting/oem-deployment/token-exchange.md) to log users in from your own identity provider when embedding n8n, or to call n8n APIs on their behalf.
* Use [two-factor authentication (2FA)](/administer/manage-users-and-access/verify-user-identity/require-two-factor-auth.md) for your users.
* Enable [encryption key rotation](/deploy/host-n8n/configure-n8n/security/rotate-encryption-keys.md) to periodically replace the key that encrypts credentials and other sensitive data.
* Enable [JWE token decryption for OAuth 2.0 credentials](/deploy/host-n8n/configure-n8n/security/decrypt-oauth-20-tokens-with-jwe.md) so your identity provider can encrypt access and ID tokens that only your instance can decrypt.

You can also protect sensitive data processed by your workflows:

* [Redact execution data](/deploy/host-n8n/configure-n8n/security/redact-execution-data.md) to hide input and output data from workflow executions.

More granularly, consider blocking or opting out of features or data collection you don't want:

* [Disable the public API](/deploy/host-n8n/configure-n8n/security/disable-the-public-api.md) if you aren't using it.
* [Opt out of data collection](/deploy/host-n8n/configure-n8n/security/control-telemetry.md) of the anonymous data n8n collects automatically.
* [Block certain nodes](/deploy/host-n8n/configure-n8n/security/block-specific-nodes.md) from being available to your users.
* [Protect against SSRF attacks](/deploy/host-n8n/configure-n8n/security/enable-ssrf-protection.md) to control which hosts and IP ranges workflow nodes can connect to.
* [Restrict account registration](/deploy/host-n8n/configure-n8n/security/verify-user-emails.md) to email-verified users.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.n8n.io/deploy/host-n8n/configure-n8n/security.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.