Salta el contingut

Seguretat i Compliance

8.1. Seguretat

Configuració SSL/TLS:

# Nginx reverse proxy
server {
    listen 443 ssl http2;
    server_name n8n.company.com;

    ssl_certificate /etc/ssl/certs/n8n.crt;
    ssl_certificate_key /etc/ssl/private/n8n.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        proxy_pass http://n8n:5678;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Encriptació de dades:

# Generar clau d'encriptació forta
openssl rand -hex 32

# Variables critiques
N8N_ENCRYPTION_KEY=a8f5f167f44f...  # Credencials
N8N_JWT_SECRET=b9g6g278g55g...      # Sessions

8.2. RBAC

Roles i permisos:

Owner:
  ✅ Gestionar usuaris
  ✅ Veure/editar tots els workflows
  ✅ Gestionar credencials globals
  ✅ Configuració del sistema

Editor:
  ✅ Crear/editar workflows propis
  ✅ Executar workflows
  ✅ Crear credencials pròpies
  ❌ Gestionar usuaris

Viewer:
  ✅ Veure workflows
  ✅ Veure executions history
  ❌ Editar workflows
  ❌ Accedir a credencials

8.3. Compliance

GDPR:

✅ Data residency: Self-host a EU
✅ Right to deletion:
   - DELETE FROM executions WHERE user_id = X
   - DELETE FROM credentials WHERE user_id = X
✅ Encryption at rest
✅ Audit logs de tots els accessos

Audit trail:

CREATE TABLE audit_log (
    id SERIAL PRIMARY KEY,
    timestamp TIMESTAMP DEFAULT NOW(),
    user_id INTEGER,
    action VARCHAR(50),  -- 'workflow_created', 'credential_accessed'
    resource_type VARCHAR(50),
    resource_id VARCHAR(255),
    ip_address VARCHAR(45),
    user_agent TEXT,
    details JSONB
);

-- Query auditoria
SELECT * FROM audit_log 
WHERE action = 'credential_accessed'
  AND resource_id = 'prod_database'
ORDER BY timestamp DESC;