Credentials¶
Do not commit real credentials, access tokens, consumer secrets, passwords, or private keys to this repository.
Salesforce¶
n8n needs a Salesforce connection with API access. Use a dedicated integration user where possible.
Required values:
- Salesforce login URL
- Username
- Password or OAuth flow credentials
- Security token, if the selected auth method requires it
- Connected App Consumer Key, if using OAuth
- Connected App Consumer Secret, if using OAuth
Recommended storage:
- n8n credentials store
- GitHub Actions secrets for CI/CD
- Password manager for handover
n8n¶
Required values:
- n8n base URL
- n8n API key for deployment automation, if used
- Webhook path for the Data Enrichment agent
Webhook authentication (required, per org)¶
The n8n enrichment webhook is protected with a shared-secret header so that only Salesforce can trigger enrichment runs (an open webhook lets anyone burn Apify/SerpAPI/Gemini credits). Configure a unique secret per environment — it is not shipped with the package.
- Generate a random secret (e.g.
openssl rand -hex 24). - n8n: create a Header Auth credential with header name
X-Enrichment-Tokenand the secret as its value, then set the enrichment webhook node's Authentication to Header Auth and select that credential. - Salesforce: set the secret in Data Enrichment Settings
(
OrgSettings__ccustom setting) → field Webhook Auth Token (WebhookAuthToken__c). Apex reads it and sends it as theX-Enrichment-Tokenheader on every webhook callout. The value is per-org config that survives package upgrades; leave it blank to send no header (open webhook). The secret is never shipped with the package.
Verify: a POST to the webhook without the header returns 403; with the
correct header it returns 202. Rotate the secret by updating both the n8n
credential and the custom-setting value.
GitHub Actions¶
Suggested secret names:
N8N_BASE_URLN8N_API_KEYSALESFORCE_AUTH_URLSALESFORCE_TARGET_ORG