Sensitive pinned data in n8n
Why test data containing secrets can be accidentally shared with your workflow
What is this issue?
Pinned data in n8n saves execution results for testing. If you pin data containing passwords, API keys, personal information, or other secrets, this data gets exported when you share or back up the workflow JSON.
Types of sensitive pinned data:
• API responses containing tokens or keys
• Database records with personal information (PII)
• Email content with confidential data
• Webhook payloads with authentication headers
Why is this dangerous?
Accidental exposure
Exporting the workflow includes pinned data, potentially sharing secrets.
Compliance violations
Pinned PII may violate GDPR, HIPAA, or other data protection regulations.
Credential leaks
API keys or tokens in pinned data can be extracted and misused.
Audit failures
Security audits may flag pinned production data as a policy violation.
How to fix it
1. Review pinned data
Check all pinned executions for sensitive information before sharing workflows.
2. Use synthetic test data
Create fake test data that mimics production structure without real secrets.
3. Unpin before export
Remove all pinned data before exporting workflows for sharing or backup.
4. Implement data masking
Use a Code node to mask sensitive fields before pinning test data.
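The review, unpin and masking steps above as a stand-alone Node.js sketch (an added example, not n8n's or this page's own code). It assumes the exported workflow JSON keeps pinned items under a top-level pinData object keyed by node name; the function names, key and value patterns, and sample workflow are constructed for illustration.

```javascript
// Added example. The patterns below are illustrative heuristics, not an n8n feature.
const MASK = '***MASKED***';
const SENSITIVE_KEY = /(password|passwd|secret|token|api[-_]?key|authorization|cookie)/i;
const SENSITIVE_VALUE = [
  { name: 'bearer token', re: /^Bearer\s+\S{8,}/i },
  { name: 'email address', re: /^[^@\s]+@[^@\s]+\.[^@\s]+$/ },
];
// Visit every leaf of a JSON value: visit(path, key, value, parent).
function walk(value, path, visit, parent, key) {
  if (value === null || typeof value !== 'object') return visit(path, key, value, parent);
  for (const [k, v] of Object.entries(value)) walk(v, `${path}.${k}`, visit, value, k);
}
// Return why a field looks sensitive, or null if it does not.
function classify(key, value) {
  if (value === MASK) return null;
  if (SENSITIVE_KEY.test(String(key))) return `key name "${key}"`;
  const hit = typeof value === 'string' && SENSITIVE_VALUE.find((p) => p.re.test(value));
  return hit ? hit.name : null;
}

// Review: list sensitive-looking pinned fields per node.
function auditPinData(workflow) {
  const findings = [];
  for (const [node, items] of Object.entries(workflow.pinData || {})) {
    walk(items, node, (path, key, value) => {
      const reason = classify(key, value);
      if (reason) findings.push({ node, path, reason });
    });
  }
  return findings;
}
// Mask: copy the workflow and overwrite flagged values, keeping the structure.
function maskPinData(workflow) {
  const copy = JSON.parse(JSON.stringify(workflow));
  for (const items of Object.values(copy.pinData || {})) {
    walk(items, '', (path, key, value, parent) => {
      if (parent && classify(key, value)) parent[key] = MASK;
    });
  }
  return copy;
}
// Unpin: copy the workflow with all pinned data removed, ready for export.
const stripPinData = (workflow) => ({ ...workflow, pinData: {} });

// Constructed sample export (fake values).
const sample = { name: 'Demo', nodes: [], pinData: {
  Webhook: [{ json: { headers: { authorization: 'Bearer abc123def456' }, body: { orderId: 42 } } }],
  'Get User': [{ json: { id: 7, contact: 'jane@example.com', plan: 'pro' } }],
} };
console.log(auditPinData(sample));
```

A clean audit only means no pattern matched; secrets stored under neutral field names still need the manual review from step 1.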