API keys sit in plain step fields
Use the built-in credential store or external vault. Never put secrets in step fields or test payloads.
Try this first
- 1Move keys to the tool's credentials feature
- 2Sensitive systems: integrate Azure Key Vault, AWS SM, 1Password
- 3Rotate keys after every team change
- 4Audit search 'sk_', 'Bearer', 'API-Key' in flow exports
When to bring us in
Suspected leak: rotate the key first, root-cause second.
See also
- n8n: self-host or cloud?Self-hosted is cheaper at volume and keeps data local. Cloud removes ops burden.
- Zapier or Make: which fits better?Zapier is straight-line; Make handles complex flows with routers and iterators for less money.
- Power Automate Cloud or Desktop: which to use?Cloud for SaaS integrations and triggers. Desktop for RPA against legacy Windows apps without APIs.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.