Credentials
Vault-stored credentials used by the HTTP node and other workflow tools.
Workflows is in Beta. The UI and API may change. The sidebar entry is currently disabled for most workspaces — your account team enables it for pilot orgs.
Admins only. Members can run and observe; only admins can edit.
Credentials used in workflows are stored in the org-scoped vault. They are encrypted at rest, scoped by entityType (user, workspace, or workflow), and decrypted server-side at run time. Clients never receive decrypted values.
When you need one
The HTTP request node's auth picker lists available vault credentials. When the node executes, it fetches the decrypted value server-side and injects it into the request. Other workflow tools that require a static secret use the same credential list.
Creating a workflow credential
Go to Settings → Integrations → Credentials → Add Credential. Choose the service type or the generic API key shape. Set the entity type to workflow. Save.
See Credentials for full vault management docs.
Using one in a node
Open the HTTP request node's Properties drawer. In the Auth section, select the credential from the dropdown. The node stores only the credential id — the actual secret is never written to the workflow definition.
Safety: SSRF guard on HTTP
The HTTP node's SSRF guard runs before every request and is not configurable. Rejected targets include:
- Private IPv4 ranges (RFC 1918)
- IPv6 ULA (
fc00::/7) and CGN (100.64.0.0/10) - IPv4-mapped IPv6 addresses
- Multicast ranges
- Hosts that resolve to a mix of public and private IPs across their DNS records
On cross-origin redirects, Authorization and Cookie headers are stripped. The per-hop scheme is re-checked at each redirect step. To reach an internal service from a workflow, route traffic through an authenticated public proxy.
Rotation
Edit a credential in the vault to update its value. Revoke it to remove access immediately. Revocation takes effect for any in-progress run that hasn't yet consumed the credential, and for all future runs.