User management SMTP, and two-factor authentication environment variables#
File-based configuration
You can add _FILE to individual variables to provide their configuration in a separate file. Refer to Keeping sensitive data in separate files for more details.
Refer to User management for more information on setting up user management and emails.
| Variable | Type | Default | Description |
|---|---|---|---|
N8N_EMAIL_MODE |
String | smtp |
Enable emails. |
N8N_SMTP_HOST |
String | - | your_SMTP_server_name |
N8N_SMTP_PORT |
Number | - | your_SMTP_server_port |
N8N_SMTP_USER |
String | - | your_SMTP_username |
N8N_SMTP_PASS |
String | - | your_SMTP_password |
N8N_SMTP_OAUTH_SERVICE_CLIENT |
String | - | If using 2LO with a service account this is your client ID |
N8N_SMTP_OAUTH_PRIVATE_KEY |
String | - | If using 2LO with a service account this is your private key |
N8N_SMTP_SENDER |
String | - | Sender email address. You can optionally include the sender name. Example with name: N8N <contact@n8n.com> |
N8N_SMTP_SSL |
Boolean | true |
Whether to use SSL for SMTP (true) or not (false). |
N8N_SMTP_STARTTLS |
Boolean | true |
Whether to use STARTTLS for SMTP (true) or not (false). |
N8N_UM_EMAIL_TEMPLATES_INVITE |
String | - | Full path to your HTML email template. This overrides the default template for invite emails. |
N8N_UM_EMAIL_TEMPLATES_PWRESET |
String | - | Full path to your HTML email template. This overrides the default template for password reset emails. |
N8N_UM_EMAIL_TEMPLATES_WORKFLOW_SHARED |
String | - | Overrides the default HTML template for notifying users that a workflow was shared. Provide the full path to the template. |
N8N_UM_EMAIL_TEMPLATES_CREDENTIALS_SHARED |
String | - | Overrides the default HTML template for notifying users that a credential was shared. Provide the full path to the template. |
N8N_UM_EMAIL_TEMPLATES_PROJECT_SHARED |
String | - | Overrides the default HTML template for notifying users that a project was shared. Provide the full path to the template. |
N8N_USER_MANAGEMENT_JWT_SECRET |
String | - | Set a specific JWT secret. By default, n8n generates one on start. |
N8N_USER_MANAGEMENT_JWT_DURATION_HOURS |
Number | 168 | Set an expiration date for the JWTs in hours. |
N8N_USER_MANAGEMENT_JWT_REFRESH_TIMEOUT_HOURS |
Number | 0 | How many hours before the JWT expires to automatically refresh it. 0 means 25% of N8N_USER_MANAGEMENT_JWT_DURATION_HOURS. -1 means it will never refresh, which forces users to log in again after the period defined in N8N_USER_MANAGEMENT_JWT_DURATION_HOURS. |
N8N_MFA_ENABLED |
Boolean | true |
Whether to enable two-factor authentication (true) or disable (false). n8n ignores this if existing users have 2FA enabled. |
N8N_INVITE_LINKS_EMAIL_ONLY |
Boolean | false |
When set to true, n8n will only deliver invite links via email and will not expose them through the API. This option enhances security by preventing invite URLs from being accessible programmatically, or to high priviledged users. |
This page was