p24-infra Docs

n8n-cloud-operations

7 min read

n8n Cloud — Operations Workbook

Workbook last reviewed: 2026-06-11

Overview

PropertyValue
Servicen8n Cloud
Providern8n (SaaS) — app.n8n.cloud
Plann8n Cloud (managed)
Public URLhttps://n8n-cloud.infra.zintegrowana.online
DNSCNAME → p24.app.n8n.cloud
Workflow count5 active

n8n Cloud is the SaaS workflow automation platform used for ecotrans business process automation. It hosts finance document processing, HR automation, fiscal system sync, and the workflow backup mechanism itself. Infrastructure is fully managed by the n8n provider — no Docker, no VPS configuration.

Architecture

Developer / admin
       |
       v
https://app.n8n.cloud  (n8n SaaS UI)
       |
       |── fibu-2025-docs-upload              Finance doc pipeline
       |── save-workflows-to-gitlab           Nightly backup → GitLab
       |── ecotrans-hr-workflow               HR automation
       |── synchronize-kasa-with-googlesheet  Fiscal → Sheets
       └── ai-documents-inbox-folders processing  pinbox24 AI doc delivery
              |
              ├── Google Drive (pinbox24 shared folder → Watch folders)
              ├── Gmail (email delivery per doc category)
              ├── Google Sheets API
              ├── GitLab API (backup target)
              ├── Supabase (via n8n Credential Manager)
              └── External webhooks / manual triggers

Custom domain: n8n-cloud.infra.zintegrowana.online is a Cloudflare CNAME record pointing to p24.app.n8n.cloud. Used as the stable internal reference URL.

Active Workflows

WorkflowIDPurposeTriggerBackup coverage
fibu-2025-docs-uploadbT6grVXtfLOzYf9jFinance document ingestion and processing pipelineManual or webhookWasabi S3 nightly + save-workflows-to-gitlab
save-workflows-to-gitlablShfAU645lP0rcR6Exports all n8n workflow JSON to GitLab repositoryNightly scheduledSelf-referential; also Wasabi S3 nightly
ecotrans-hr-workflowmLfhUCqBEYajcie5HR process automation (employee onboarding, requests)WebhookWasabi S3 nightly + save-workflows-to-gitlab
synchronize-kasa-with-googlesheetvuZ1bgFHeiLr6JXpSyncs data from the Kasa fiscal system into a Google Sheets documentScheduledWasabi S3 nightly + save-workflows-to-gitlab
ai-documents-inbox-folders processing2Em6a6KgKOlwG7Oupinbox24 AI document delivery — watches shared Google Drive folders (Rechnungen, Gutshrifts, Standard docs), downloads files, emails them to the AI extraction pipeline, cleans up processed/duplicate filesHourly (4 sub-flows)Wasabi S3 nightly + save-workflows-to-gitlab; JSON also in infra-src/n8n-workflows/ai-documents-inbox-folders-processing.json

Workflow notes

fibu-2025-docs-upload: Auth test errors were observed on 2026-05-13. These were intentional test runs, not a production incident. No corrective action required unless the pattern recurs on production triggers.

save-workflows-to-gitlab: This workflow is both a service element and the backup mechanism for all other workflows. If it stops running, the backup gap widens. Monitor execution history weekly. The GitLab repository receiving the exports must remain accessible — verify credentials in the n8n Credential Manager periodically.

ai-documents-inbox-folders processing: Critical production workflow — replaced the old email-with-attachments delivery model (which had size limits and unreliable delivery). Users now upload documents to dedicated pinbox24 Google Drive shared folders. This workflow watches those folders hourly and delivers files to the AI extraction pipeline via email. Four sub-flows run on staggered schedules (:20, :30, :40, 01 min of hour) to avoid overlap. The cleanup sub-flow also deduplicates files for selected date ranges. If this workflow stops, AI document extraction stops receiving new inputs.

Restore credential note: the OAuth app registration (GMAIL_OAUTH_CLIENT_ID + GMAIL_OAUTH_CLIENT_SECRET) is in GitHub Secrets. The actual authorized access/refresh tokens are held only by n8n’s Credential Manager (encrypted, not exported). On a new n8n instance, create a new Google credential using those GH Secret values and complete the OAuth consent flow in a browser to re-grant access.

Config Management

All workflow configuration lives inside n8n Cloud. There is no local config file or Docker compose entry for this service.

ItemLocationIn repo?
Workflow definitions (JSON)n8n Cloud + GitLab backup repoVia save-workflows-to-gitlab
API credentialsn8n Credential Manager (encrypted at rest by n8n)No
Account passwordn8n Cloud account settingsNo — stored in .env.local only
GitLab backup repoGitLab (separate from this repo)Separate repo

Backup

Mechanism

Two independent backup mechanisms run on nightly schedules.

WhatMethodFrequencyDestination
All active workflow definitions (JSON)scripts/backup-n8n-cloud.py via GH ActionsNightly 02:00 UTCWasabi S3 p24-infra/ecotrans-monitoring/n8n-cloud-backups/YYYY-MM-DD/ — 90-day retention
All workflow definitionssave-workflows-to-gitlab n8n workflowNightlyGitLab repository
Workflow execution historyn8n Cloud built-in retentionPer n8n plann8n Cloud (not exported)
Credentialsn8n Credential ManagerNot exported — manual documentation only.env.local

Gap: Execution history and individual credential values are not exported. If the n8n Cloud account is lost, credentials must be re-entered manually from .env.local.

Verify backup is running

  1. Log into https://app.n8n.cloud
  2. Open save-workflows-to-gitlab workflow
  3. Check execution history — last successful run should be within 24h

Restore

Restore a workflow from GitLab backup

1. Clone or browse the GitLab workflow backup repository
2. Locate the workflow JSON file by name
3. In n8n UI: open the target workflow → ... (menu) → Import from file
   OR: Settings → Import workflow → paste JSON
4. Re-enter any credentials referenced by the workflow (credentials are not in the JSON export)
5. Activate the workflow
6. Run a test execution to verify

Restore after complete n8n Cloud account loss

1. Create new n8n Cloud account or recover via password reset
2. Clone GitLab backup repo to get all workflow JSONs
3. Import each workflow via n8n UI (Settings → Import workflow)
4. Re-create all credentials in n8n Credential Manager using values from .env.local
5. Activate workflows one by one and verify
6. Update DNS CNAME if account subdomain changed

n8n Cloud also provides built-in workflow version history

Available per workflow via the workflow canvas → … → History. Useful for reverting accidental edits without involving the GitLab backup.

Monitoring

n8n Cloud is a SaaS service — infrastructure monitoring (uptime, CPU, memory) is the provider’s responsibility.

WhatHow
Workflow execution statusn8n UI → Executions tab — review failed runs
n8n Cloud platform uptimehttps://n8n.io/status — provider status page
Backup freshnessCheck save-workflows-to-gitlab last execution in n8n UI
Credential expiryManual review — no automated alerting for expired n8n credentials

There is no Prometheus scrape of n8n Cloud. Workflow failures are visible only by logging into the n8n UI.

Recommended cadence: Check n8n execution history at least once per week. Failed executions appear with a red indicator in the Executions tab.

Healthcheck

Manual check (weekly):
1. Open https://app.n8n.cloud
2. Navigate to Executions
3. Filter by status: Error
4. Investigate any failures not already acknowledged
5. Verify save-workflows-to-gitlab last ran successfully within 24h

For platform incidents, consult https://n8n.io/status.

Password Rotation

CredentialLocationRotation frequencyHow to rotate
n8n Cloud account passwordn8n Cloud account settings180 daysLog in → Account → Security → Change password. Update .env.local. Log in secrets-rotation-log.md.
Per-workflow API credentialsn8n Credential ManagerVaries by providerOpen the credential in n8n → edit → enter new value → Save. No restart needed.

API credentials stored in n8n Credential Manager (non-exhaustive):

Credential nameUsed byExternal serviceOAuth app in GH Secrets?
GitLab API tokensave-workflows-to-gitlabGitLabNo
Google Sheets OAuthsynchronize-kasa-with-googlesheetGoogleNo
Google Drive + Gmail OAuthai-documents-inbox-folders processingGoogle Drive + GmailYes — GMAIL_OAUTH_CLIENT_ID + GMAIL_OAUTH_CLIENT_SECRET in GH Secrets; access tokens held by n8n only
Supabase credentials (if any)VariousSupabaseNo

When rotating an external API key that is also used by n8n, update the credential in n8n Credential Manager immediately after generating the new key.

Incident Response

Workflow failed

1. Log into app.n8n.cloud
2. Open the failed workflow → Executions tab
3. Click the failed execution → inspect the error node
4. Fix the root cause (bad input, expired credential, upstream API down)
5. Re-run manually: Executions → click failed run → Retry
6. If credential expired: update in n8n Credential Manager, then re-run

n8n Cloud platform down

1. Check https://n8n.io/status for a reported incident
2. If confirmed incident: wait for recovery — no action possible on our end
3. If no incident reported: try accessing https://app.n8n.cloud from an incognito window
4. If persistent: contact n8n support at support@n8n.io
5. Log the incident in docs/secrets-rotation-log.md if credentials were affected

save-workflows-to-gitlab not running

1. Open the workflow in n8n UI and check its active/inactive toggle — ensure it is active
2. Check execution history for errors (GitLab token expired, repo not accessible)
3. Verify the GitLab API token in n8n Credential Manager is valid
4. Trigger a manual run to confirm recovery
5. Check the GitLab repo that workflow exports are arriving

Known Limitations

RequirementStatusReasonCompensating control
Prometheus monitoringNot availableSaaS — no metrics endpoint exposedManual weekly review of execution history
Credential exportNot availablen8n encrypts credentials at rest, does not export valuesCredentials documented in .env.local; rotation log in secrets-rotation-log.md
Execution history backupPartialn8n Cloud retains history per plan limits; not exported to GitLabWorkflow definitions backed up; execution logs are ephemeral

Graph View

Backlinks