n8n Setup Guide

Install n8n-nodes-privent, configure the Privent API credential, and run a four-node tokenize → score → detokenize chain end-to-end.

Overview

Drop Privent into your n8n workflow to tokenize PII and secrets before they reach an LLM, then detokenize at trusted egress.

What you install

–n8n-nodes-privent community package (npm)
–Four nodes: Session, Tokenize, Risk Check, Detokenize
–One credential type: Privent API

What it does

–Replaces emails, SSNs, cards, IBANs with reversible tokens
–Scores prompt risk via Privent ML — block/warn/allow gating
–Restores original values only at trusted egress nodes

What you need

–n8n self-host (docker / npm) or n8n Cloud Pro+
–Privent AGENT_SDK API key (pv_live_…)
–Privent Cloud account at privent.ai

Tokens are session-scoped and stored in-memory by default — Privent never persists raw prompt data or detokenized values. The same input within a session always maps to the same token; cross-session tokens are random to block correlation attacks.

Prerequisites

Confirm you have a compatible n8n instance and an active Privent AGENT_SDK key.

n8n environment

–Self-host docker or npm — community packages enabled
–Or n8n Cloud Pro / Enterprise — Free tier does not allow community nodes
–Node.js ≥ 20 on the n8n runtime
–Network egress to api.privent.ai over HTTPS

Privent account

–An organization on api.privent.ai
–An AGENT_SDK API key (prefix pv_live_…)
–A configured org policy with category weights and thresholds

Create an account →

Installation

Pick the path that matches your hosting model. All three result in the same set of nodes loaded into the editor.

Self-host · Dockerrecommended

Start n8n with community packages enabled, then install the package from the editor.

docker run

docker run -d --name n8n \
  -p 5678:5678 \
  -e N8N_COMMUNITY_PACKAGES_ENABLED=true \
  -e N8N_COMMUNITY_PACKAGES_ALLOW_TOOL_USAGE=true \
  -v ~/.n8n:/home/node/.n8n \
  n8nio/n8n:latest

01Open http://localhost:5678 and complete the owner setup
02Settings → Community Nodes → Install a community node
03Enter n8n-nodes-privent and confirm the install
04n8n restarts the worker — Privent nodes appear in the canvas search

n8n Cloud · Pro / Enterprise

Cloud-managed installs follow the same UI flow — no infrastructure changes required.

01Open your n8n Cloud workspace
02Settings → Community Nodes
03Install a community node → enter n8n-nodes-privent
04Confirm the risk acknowledgement and install
05Worker restart completes within ~30 seconds

n8n Cloud Free does not expose the Community Nodes menu. Upgrade to Pro / Enterprise or self-host.

Self-host · Manual (offline / air-gapped)

Install the package directly into the n8n custom-extensions directory when the editor cannot reach npm.

mkdir -p ~/.n8n/nodes
cd ~/.n8n/nodes
npm init -y
npm install n8n-nodes-privent

N8N_CUSTOM_EXTENSIONS=~/.n8n/nodes n8n start

Credential Setup

Create a Privent API credential in n8n so every Privent node authenticates against your organization.

Fields

API KeyYour AGENT_SDK key. Format: pv_live_<base64url>. Stored encrypted at rest by n8n.

Base URLDefaults to https://api.privent.ai. Override only when running a self-hosted Privent backend.

Vault BackendIn-Memory for self-host single-worker. Use Privent Cloud when n8n runs in queue mode with multiple workers.

01Credentials → New → search Privent API
02Paste your AGENT_SDK key into API Key
03Leave Base URL on the default unless you self-host the backend
04Choose In-Memory vault backend for most setups
05Click Test — a green checkmark with Connection successful! confirms auth

Wrong key returns 401 Invalid api key. The credential is rejected at save-time so misconfiguration never reaches a running workflow.

Quick Start Workflow

A minimal four-node chain that tokenizes a prompt, scores its risk, and detokenizes the result before egress.

Privent Session

Generates a session ID and registers an in-memory vault for the run. Place this immediately after your trigger.

Privent Tokenize

Reads the configured text field and replaces sensitive values with [KIND_NNN] placeholders. Returns the tokenized text plus an entity list and risk score.

Privent Risk Check

Optional standalone scoring. Useful as a tool node for AI Agents or as a Switch input to gate high-risk items into a review branch.

Privent Detokenize

Resolves [KIND_NNN] tokens back to the original values right before a trusted egress sink (HTTP Request, database, internal API).

example tokenize output

Input
"Hi, my email is alice@acme.com and SSN is 123-45-6789. Card: 4111-1111-1111-1111."

After Tokenize
"Hi, my email is [EMAIL_001] and SSN is [SSN_001]. Card: [CREDIT_CARD_001]."

After Detokenize at egress
"Hi, my email is alice@acme.com and SSN is 123-45-6789. Card: 4111-1111-1111-1111."

Pass the same sessionId from Privent Session to every downstream node. n8n expressions ({{$('Privent Session').item.json.sessionId}}) handle this automatically when the nodes are wired in order.

Verification

Confirm the integration is wired correctly and your traffic is reaching real Privent ML — not the local fallback.

Run the workflow with a synthetic prompt

Use a string with mixed entities such as "alice@acme.com / 123-45-6789 / 4111-1111-1111-1111". Execute the workflow once via the manual trigger.

Inspect the Tokenize output

The text field should contain [EMAIL_NNN], [SSN_NNN], and [CREDIT_CARD_NNN] placeholders. The privent.entities array should list the three detections with confidence > 0.8.

Confirm real ML scored the prompt

On the Risk Check node output, the privent.model field must NOT equal fallback. A real model identifier means traffic reached Privent Cloud and the auth chain is healthy.

Verify round-trip detokenization

The Detokenize node output text should match the original prompt byte-for-byte. Any drift indicates a session ID mismatch or a vault lookup miss.

Troubleshooting

Common issues and how to resolve them.

Privent nodes do not appear in the editor search

The package was published to npm but never installed on this n8n instance. Open Settings → Community Nodes and install n8n-nodes-privent. Self-host docker also requires N8N_COMMUNITY_PACKAGES_ENABLED=true at boot.

Credential test returns 401 Invalid api key

The AGENT_SDK key is missing, malformed, or revoked. Confirm the key is active in the Privent dashboard and that it is an AGENT_SDK key — extension keys are scoped differently and will fail here.

Risk Check returns model = fallback

The Privent Cloud call timed out or the circuit breaker is open. Check the workflow logs for PRIVENT_ML_FAIL_OPEN events. Confirm api.privent.ai is reachable from the n8n host and that the AGENT_SDK key is still active.

Detokenize returns the tokenized text unchanged

The session ID at Detokenize does not match the one used at Tokenize. Re-check the Session ID expression — both nodes should reference {{$('Privent Session').item.json.sessionId}}.

Multi-worker n8n loses tokens between Tokenize and Detokenize

In queue mode, in-memory vaults are scoped per worker. Switch the credential's Vault Backend to Privent Cloud so token state is shared across workers.

Native build error during install (isolated-vm gyp fail)

Add --ignore-scripts --omit=optional to the npm install when running the manual install path. The n8n image already bundles isolated-vm; community packages don't need to rebuild it.

Still stuck? Email hello@privent.ai with your n8n version, the package version (visible under Settings → Community Nodes), and the workflow JSON if possible.

Input "Hi, my email is alice@acme.com and SSN is 123-45-6789. Card: 4111-1111-1111-1111." After Tokenize "Hi, my email is [EMAIL_001] and SSN is [SSN_001]. Card: [CREDIT_CARD_001]." After Detokenize at egress "Hi, my email is alice@acme.com and SSN is 123-45-6789. Card: 4111-1111-1111-1111."