SOP-24: Daily n8n Backup Protocol
AutomationSurgeon's Critical Infrastructure Protection System
| Version | 1.1 |
| Owner | Founder |
| Purpose | To ensure daily backups of critical n8n configuration files while maintaining security best practices, enabling fast system recovery or migration. |
1. Overview
1.1. Primary Objective
Implement automated daily backups of n8n server configuration files to ensure business continuity and enable rapid system recovery in case of hardware failure, security incidents, or migration requirements.
1.2. Scope
Applies to n8n server hosted via Docker on Ubuntu. Targets include: .env, docker-compose.yml, ~/.n8n/, workflow exports, credentials, and backups of settings file permissions.
1.3. Prerequisites
- Ubuntu VM with root or privileged access
- Git installed and repository initiated for backups
- n8n Docker installation accessible
- Appropriate write permissions and encryption key environment variable (N8N_ENCRYPTION_KEY) set
2. Backup Strategy
2.1. Security-First Approach
- Environment Variables: Never committed to version control
- Credentials: Encrypted and stored securely
- Configuration Files: Version controlled for easy recovery
- Workflows: Exported and backed up daily
2.2. Backup Components
-
Critical Configuration Files
- docker-compose.yml
- .env (stored locally, not in git)
- n8n configuration settings
-
n8n Data
- Workflow exports
- Credential exports
- Database backups (if applicable)
-
System Configuration
- File permissions
- Network configuration
- Security settings
3. Implementation Procedure
3.1. Step 1: Prepare Git-Based Backup Repository
# Create backup directory
mkdir -p /opt/n8n-backup
cd /opt/n8n-backup
# Initialize git repository
git init
git remote add origin <YOUR-BACKUP-REPO-URL>
Set .gitignore:
# Avoid accidental commit of sensitive files
.env
.env.secure
credentials/
*.key
*.pem
3.2. Step 2: Create Backup Script
File: /opt/n8n-backup/backup.sh
#!/usr/bin/env bash
set -e
BACKUP_DIR="/opt/n8n-backup"
cd "$BACKUP_DIR"
# Create timestamp for this backup
TIMESTAMP=$(date +'%Y-%m-%d_%H-%M-%S')
# Copy critical files
cp /opt/n8n/.env .env.secure
cp /opt/n8n/docker-compose.yml docker-compose.yml
# Export n8n workflows
docker exec n8n n8n export:workflow --backup --output workflows
# Export n8n credentials (encrypted)
docker exec n8n n8n export:credentials --backup --output credentials
# Set secure permissions for sensitive files
chmod 600 .env.secure
chmod 600 credentials/*
# Create backup metadata
cat > backup-metadata.json << EOF
{
"timestamp": "$TIMESTAMP",
"n8n_version": "$(docker exec n8n n8n --version)",
"backup_type": "daily",
"files_backed_up": [
"docker-compose.yml",
"workflows/",
"credentials/"
],
"security_notes": [
".env.secure stored locally only",
"credentials encrypted with N8N_ENCRYPTION_KEY"
]
}
EOF
# Stage changes for git (excluding sensitive files)
git add docker-compose.yml workflows/ backup-metadata.json
git add -f credentials/ # Force add encrypted credentials
# Commit changes
git commit -m "Daily backup $(date +'%Y-%m-%d %H:%M:%S')" || exit 0
# Push to remote repository
git push origin main
# Clean up old backups (keep last 30 days)
find . -name "*.env.secure" -mtime +30 -delete
find . -name "backup-metadata.json" -mtime +30 -delete
echo "Backup completed successfully at $(date)"
Make script executable:
chmod +x /opt/n8n-backup/backup.sh
3.3. Step 3: Automate with Cron
Create /etc/cron.d/n8n-backup:
# Daily backup at 3 AM
0 3 * * * root /bin/bash /opt/n8n-backup/backup.sh >> /var/log/n8n-backup.log 2>&1
4. Recovery Procedures
4.1. Full System Recovery
# Create recovery directory
mkdir -p /opt/n8n-recovery
cd /opt/n8n-recovery
# Clone backup repository
git clone <YOUR-BACKUP-REPO-URL> .
# Copy environment file
cp /opt/n8n-backup/.env.secure .env
# Set correct permissions
chmod 600 .env
# Start n8n with restored configuration
docker-compose up -d
5. Success Metrics
- Backup Success Rate: Target >99%
- Recovery Time: Target <30 minutes
- Data Loss Prevention: Target 0 incidents
- Backup Duration: Target <10 minutes