Automated Workflow & Credential Restoration System for Self-Hosted Environments

Description

n8n Restore workflows & credentials from Disk - Self-Hosted Solution

This n8n template provides a safe and intelligent restore solution for self-hosted n8n instances, allowing you to restore workflows and credentials from disk backups.

Perfect for disaster recovery or migrating between environments, this workflow automatically identifies your most recent backup and provides a manual restore capability that intelligently excludes the current workflow to prevent conflicts. Works seamlessly with date-organized backup folders.

Good to know
This workflow uses n8n's native import commands (n8n import:workflow and n8n import:credentials)
Works with date-formatted backup folders (YYYY-MM-DD) for easy version identification
The restore process intelligently excludes the current workflow to prevent overwriting itself
Requires proper Docker volume configuration and file system permissions
All operations are performed server-side with no external dependencies
Compatible with backups created by n8n's export commands

How it works

Restore Process (Manual)
Manual trigger with configurable pinned data options (credentials: true/false, workflows: true/false)
The Init node sets up all necessary paths, timestamps, and configuration variables using your environment settings
The workflow scans your backup folder and automatically identifies the most recent backup
If restoring credentials:
Direct import from the latest backup folder using n8n's import command
Credentials are imported with their encrypted format intact
If restoring workflows:
Scans the backup folder for all workflow JSON files
Creates a temporary folder with all workflows from the backup
Intelligently excludes the current restore workflow to prevent conflicts
Imports all other workflows using n8n's import command
Cleans up temporary files automatically
Optional email notifications provide detailed restore summaries with command outputs

How to use

Prerequisites
Existing n8n backups in date-organized folder structure (format: /backup-folder/YYYY-MM-DD/)
Workflow backups as JSON files in the date folder
Credentials backups in subfolder: /backup-folder/YYYY-MM-DD/n8n-credentials/
For new environments: N8N_ENCRYPTION_KEY from source environment (see dedicated section below)

Initial Setup
Configure your environment variables:
N8N_ADMIN_EMAIL: Your email for notifications (optional)
N8N_BACKUP_FOLDER: Location where your backups are stored (e.g., /files/n8n-backups)
N8N_PROJECTS_DIR: Projects root directory
GENERIC_TIMEZONE: Your local timezone
N8N_ENCRYPTION_KEY: Required if restoring credentials to a new environment (see dedicated section below)

Update the Init node:
(Optional) Configure your email here: const N8N_ADMIN_EMAIL = $env.N8N_ADMIN_EMAIL || '[email protected]';
Set PROJECT_FOLDER_NAME to "Workflow-backups" (or your preferred name)
Set credentials to "n8n-credentials" (or your backup credentials folder name)
Verify BACKUP_FOLDER path matches where your backups are stored

Ensure your Docker setup has:
Mounted volume containing backups (e.g., /local-files:/files)
Access to n8n's CLI import commands
Proper file system permissions (read access to backup directories)

Performing a Restore
Open the workflow and locate the "Start Restore" manual trigger node
Edit the pinned data to choose what to restore:
credentials: true - Restore credentials
workflows: true - Restore workflows
Set both to true to restore everything
Click "Execute workflow" on the "Start Restore" node to execute the restore
The workflow will automatically find the most recent backup (latest date)
Check the console logs or optional email for detailed restore summary

Important Notes
The workflow automatically excludes itself during restore to prevent conflicts
Credentials are restored with their encryption intact. If restoring to a new environment, you must configure the N8N_ENCRYPTION_KEY from the source environment (see dedicated section below)
Existing workflows/credentials with the same names will be overwritten
Test in a non-production environment first if unsure

⚠ Critical: N8N_ENCRYPTION_KEY Configuration

Why this is critical: n8n generates an encryption key automatically on first launch and saves it in the ~/.n8n/config file. However, if this file is lost (for example, due to missing Docker volume persistence), n8n will generate a NEW key, making all previously encrypted credentials inaccessible.

When you need to configure N8N_ENCRYPTION_KEY:
Restoring to a new n8n instance
When your data directory is not persisted between container recreations
Migrating from one server to another
As a best practice to ensure key persistence across updates

How credentials encryption works:
Credentials are encrypted with a specific key unique to each n8n instance
This key is auto-generated on first launch and stored in /home/node/.n8n/config
When you backup credentials, they remain encrypted but the key is NOT included
If the key file is lost or a new key is generated, restored credentials cannot be decrypted
Setting N8N_ENCRYPTION_KEY explicitly ensures the key remains consistent

Solution: Retrieve and configure the encryption key

Step 1: Get the key from your source environment

Check if the key is defined in environment variables
docker-compose exec n8n printenv N8N_ENCRYPTION_KEY

If this command returns nothing, the key is auto-generated and stored in n8n's data volume:

Enter the container
docker-compose exec n8n sh

Check configuration file
cat /home/node/.n8n/config

Exit container
exit

Step 2: Configure the key in your target environment

Option A: Using .env file (recommended for security)

Add to your .env file
N8N_ENCRYPTION_KEY=your_retrieved_key_here

Then reference it in docker-compose.yml:

services:
n8n:
environment:
N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY}

Option B: Directly in docker-compose.yml (less secure)

services:
n8n:
environment:
N8N_ENCRYPTION_KEY=your_retrieved_key_here

Step 3: Restart n8n

docker-compose restart n8n

Step 4: Now restore your credentials

Only after configuring the encryption key, run the restore workflow with credentials: true.

Best practice for future backups:
Always save your N8N_ENCRYPTION_KEY in a secure location alongside your backups
Consider storing it in a password manager or secure vault
Document it in your disaster recovery procedures

Requirements

Existing Backups
Date-organized backup folders (YYYY-MM-DD format)
Backup files created by n8n's export commands or compatible format

Environment
Self-hosted n8n instance (Docker recommended)
Docker volumes mounted with access to backup location
Optional: SMTP server configured for email notifications

Credentials (Optional)
SMTP credentials for email notifications (if using email nodes)

Technical Notes

Smart Workflow Exclusion
During workflow restore, the current workflow's name is cleaned and matched against backup files
This prevents the restore workflow from overwriting itself
The exclusion logic handles special characters and spaces in workflow names
A temporary folder is created with all workflows except the current one

Timezone Handling
All timestamps use UTC for technical operations
Display times use local timezone for user-friendly readability
Backup folder scanning works with YYYY-MM-DD format regardless of timezone

Security
Credentials are imported in n8n's encrypted format (encryption preserved)
Ensure backup directories have appropriate read permissions
Consider access controls for who can trigger restore operations
No sensitive data is logged in console output

Troubleshooting

Common Issues
No backups found: Verify the N8N_BACKUP_FOLDER path is correct and contains date-formatted folders
Permission errors: Ensure Docker user has read access to backup directories
Path not found: Verify all volume mounts in docker-compose.yml match your backup location
Import fails: Check that backup files are in valid n8n export format
Workflow conflicts: The workflow automatically excludes itself, but ensure backup files are properly named
Credentials not restored: Verify the backup contains a n8n-credentials folder with credential files
Credentials decrypt error: Ensure N8N_ENCRYPTION_KEY matches the source environment

Version Compatibility

Tested with n8n version 1.113.3
Compatible with Docker-based n8n installations
Requires n8n CLI access (available in official Docker images)

This workflow is designed for self-hosted server backup restoration. For FTP/SFTP remote backups, see the companion workflow "n8n Restore from FTP".

Works best with backups from: "Automated n8n Workflows & Credentials Backup to Local/Server Disk & FTP"