Seguretat i Compliance
8.1. Seguretat
Configuració SSL/TLS:
# Nginx reverse proxy
server {
listen 443 ssl http2;
server_name n8n.company.com;
ssl_certificate /etc/ssl/certs/n8n.crt;
ssl_certificate_key /etc/ssl/private/n8n.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://n8n:5678;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
Encriptació de dades:
# Generar clau d'encriptació forta
openssl rand -hex 32
# Variables critiques
N8N_ENCRYPTION_KEY=a8f5f167f44f... # Credencials
N8N_JWT_SECRET=b9g6g278g55g... # Sessions
8.2. RBAC
Roles i permisos:
Owner:
✅ Gestionar usuaris
✅ Veure/editar tots els workflows
✅ Gestionar credencials globals
✅ Configuració del sistema
Editor:
✅ Crear/editar workflows propis
✅ Executar workflows
✅ Crear credencials pròpies
❌ Gestionar usuaris
Viewer:
✅ Veure workflows
✅ Veure executions history
❌ Editar workflows
❌ Accedir a credencials
8.3. Compliance
GDPR:
✅ Data residency: Self-host a EU
✅ Right to deletion:
- DELETE FROM executions WHERE user_id = X
- DELETE FROM credentials WHERE user_id = X
✅ Encryption at rest
✅ Audit logs de tots els accessos
Audit trail:
CREATE TABLE audit_log (
id SERIAL PRIMARY KEY,
timestamp TIMESTAMP DEFAULT NOW(),
user_id INTEGER,
action VARCHAR(50), -- 'workflow_created', 'credential_accessed'
resource_type VARCHAR(50),
resource_id VARCHAR(255),
ip_address VARCHAR(45),
user_agent TEXT,
details JSONB
);
-- Query auditoria
SELECT * FROM audit_log
WHERE action = 'credential_accessed'
AND resource_id = 'prod_database'
ORDER BY timestamp DESC;