fix(core): Prevent issues with missing or mismatching encryption key

[ivov]

• If N8N_ENCRYPTION_KEY does not match configFile.encryptionKey, fail to init main
• If N8N_ENCRYPTION_KEY is missing on worker, fail to init worker
• If credential decryption fails when attempting to edit a credential, surface better error message
• If HTTPRN execution fails due to cred decryption error, block execution
• Tests

Story: https://linear.app/n8n/issue/PAY-1184

[Joffcom]

@ivov would this fix #8287?

[ivov]

@ivov would this fix #8287?

This PR will make it more evident that there is a mismatch, but the root cause of this user's mismatch is likely what Adi mentioned: #8287 (comment)

[krynble]

Existing behavior is to take precedence in the config file - should we throw and prevent starting or just warn the users about it?

[ivov]

I was following this:

also, we need to add a check when there is an encryption key in .n8n/config and it does not match the one being passed in via N8N_ENCRYPTION_KEY, and fail to start the application.

[cypress]

Passing run #3783 ↗︎

0

331

5

0

0

Details:

🌳 🖥️ browsers:node18.12.0-chrome107 🤖 ivov 🗃️ e2e/*
Project: n8n	Commit: 65af207fe0
Status: Passed	Duration: 03:21 💡
Started: Jan 16, 2024 5:13 PM	Ended: Jan 16, 2024 5:16 PM

Review all test suite changes for PR #8332 ↗︎

[github-actions]

✅ All Cypress E2E specs passed

[janober]

Got released with n8n@1.25.0

[Dasio]

Hello,
I'm loading encryption key only from config file, not from env. And this MR broke it. Because it checks only if environment variable is set, which in my case is empty.

[krynble]

Thanks for the comment @Dasio - we discussed it privately but for completeness' sake, we made this change to assert that users would always provide the encryption key in a reliable way; the config file is generated at runtime if not existing, which could lead to issues with workers, so in order to prevent this, we added this check.

Sorry for the trouble, you should change the settings to provide the encryption key via environment variable.