n8n with Keeptrusts Gateway

n8n is an open-source workflow automation platform with AI-native nodes for chat, text generation, summarization, and tool-calling agents. By routing n8n's AI node LLM calls through the Keeptrusts gateway, every model interaction in your automated workflows passes through your policy chain — prompt-injection detection, PII redaction, audit logging, cost attribution, and content filtering — without rebuilding your workflows.

Use this page when

You are building n8n workflows with AI nodes and need governance on all LLM calls.
You want audit logging and cost attribution for automated AI workflows.
You need to enforce compliance controls on n8n AI agents and chat triggers.
You are deploying n8n in a regulated environment with centralized policy enforcement.

Primary audience

Primary: Technical Engineers
Secondary: AI Agents, Technical Leaders

Prerequisites

Keeptrusts CLI installed and a gateway running locally or centrally (Quickstart).
n8n instance running (self-hosted or n8n Cloud) with access to create credentials.
Upstream provider API key (e.g. OpenAI) ready to configure.
A policy-config.yaml deployed to the gateway.

Configuration

Gateway policy config

A minimal config for governing n8n AI traffic:

pack:
  name: n8n-gateway
  version: "1.0"

providers:
  - name: openai
    model: gpt-4o
    secret_key_ref:
      env: OPENAI_API_KEY

policies:
  chain:
    - prompt-injection
    - pii-detector
    - safety-filter
    - quality-scorer

policy:
  prompt-injection:
    action: block
  pii-detector:
    action: redact
  safety-filter:
    action: block
  quality-scorer:
    threshold: 0.6

Start the gateway:

kt gateway run --policy-config policy-config.yaml

n8n credential configuration

n8n's OpenAI credential type supports a custom base URL. Configure it to point at the Keeptrusts gateway.

n8n UI
Self-hosted (environment)
Hosted gateway

Open your n8n instance and navigate to Settings → Credentials.
Create a new OpenAI API credential (or edit an existing one).
Fill in the following fields:

Field	Value
API Key	Your OpenAI API key
Base URL	`http://localhost:41002/v1`

Click Save. All AI nodes using this credential now route through the gateway.

For self-hosted n8n running in Docker alongside the gateway, create the credential with the Docker-accessible gateway URL:

Field	Value
Base URL	`http://host.docker.internal:41002/v1`

If both services are on the same Docker network:

Field	Value
Base URL	`http://keeptrusts-gateway:41002/v1`

For a hosted Keeptrusts gateway:

Field	Value
Base URL	`https://gateway.keeptrusts.com/v1`

Using with n8n AI nodes

Once the credential is configured, all n8n AI nodes that use it route through the gateway automatically:

AI Agent node — agent reasoning and tool-calling interactions are governed.
OpenAI Chat Model sub-node — all chat completions are governed.
Text Classifier node — classification calls pass through the policy chain.
Summarization Chain node — summarization LLM calls are governed.
Information Extractor node — extraction prompts are governed.

No changes to individual workflow nodes are required.

Example workflow configuration

A typical governed n8n workflow uses these connected nodes:

Chat Trigger → AI Agent → OpenAI Chat Model (with gateway credential)
                 ↓
           Tool nodes (Calculator, HTTP Request, etc.)

In the OpenAI Chat Model sub-node configuration:

Setting	Value
Credential	Your gateway-routed OpenAI credential
Model	`gpt-4o`

Setup steps

Start the Keeptrusts gateway with your policy config.
```
kt gateway run --policy-config policy-config.yaml
```
Open n8n and navigate to Settings → Credentials.
Create or edit an OpenAI API credential with the gateway URL as the Base URL.
Build or update a workflow that uses AI nodes, selecting the gateway-routed credential.
Test the workflow — trigger the workflow and verify the request flows through the gateway.
Verify in the Keeptrusts console — open Events to confirm requests appear with policy outcomes.

Verification

Check gateway health:

curl http://localhost:41002/keeptrusts/health

Trigger an n8n workflow that uses an AI node and confirm:

Gateway logs show policy chain evaluation for the request.
The Keeptrusts console Events page shows the request with model, tokens, cost, and policy decisions.
The n8n workflow completes successfully — the gateway is transparent to the workflow execution.
Policy actions (allowed, blocked, redacted) are visible in the event detail.

Recommended policies

Policy	Purpose	Phase
`prompt-injection`	Block jailbreak attempts from workflow inputs or chat users	Input
`pii-detector`	Redact PII before prompts reach the provider	Input
`safety-filter`	Block harmful content in automated workflows	Input
`dlp-filter`	Prevent sensitive data from leaving via automated LLM calls	Input
`agent-firewall`	Restrict tool access and enforce rate limits on AI agents	Input
`quality-scorer`	Score and threshold response quality	Output
`audit-logger`	Attach audit metadata for every workflow execution	Input

Troubleshooting

Symptom	Cause	Fix
n8n credential test fails with "Connection refused"	Gateway is not reachable from n8n	Use `host.docker.internal` or the Docker network hostname; verify the gateway is running
`401 Unauthorized` on workflow execution	API key mismatch	Verify the API key in the n8n credential matches `secret_key_ref.env` in the gateway config
AI Agent node times out	Policy chain adds latency beyond n8n's default timeout	Increase n8n's execution timeout and optimize the gateway policy chain
Events not appearing in Keeptrusts console	Gateway not connected to control plane	Set `KEEPTRUSTS_API_URL` and `KEEPTRUSTS_GATEWAY_TOKEN` before starting the gateway
Some AI nodes bypass the gateway	Different credential selected on specific nodes	Verify all AI nodes in the workflow use the gateway-routed credential

For AI systems

Canonical integration: Configure n8n's OpenAI credential with Base URL set to http://localhost:41002/v1 or https://gateway.keeptrusts.com/v1.
The gateway is transparent — AI Agent, Chat Model, Text Classifier, and Summarization nodes work unchanged.
Use Policy Controls Catalog for available policies.

For engineers

The only change is the Base URL on the n8n OpenAI credential. All workflow configurations, tool connections, and trigger settings remain unchanged.
Create a dedicated credential for gateway-routed traffic so you can easily switch between direct and governed access.
Test with a simple chat workflow first, then extend to complex multi-step automations.

For leaders

n8n workflows often process customer data automatically. Keeptrusts provides governance without workflow-level changes.
Audit logging captures every automated LLM interaction for compliance evidence.
Cost attribution tracks spend per workflow, enabling chargeback and budget management for automated AI operations.

Next steps

Quickstart — set up your first gateway and policy config.
Policy Controls Catalog — full inventory of available policies.
Events and Traces — understand the audit trail.
Gateway Runtime Features — advanced gateway capabilities.
Cost and Spend — monitor and attribute LLM costs.

Use this page when​

Primary audience​

Prerequisites​

Configuration​

Gateway policy config​

n8n credential configuration​

Using with n8n AI nodes​

Example workflow configuration​

Setup steps​

Verification​

Recommended policies​

Troubleshooting​

For AI systems​

For engineers​

For leaders​

Next steps​