Privent
  • Agent Security
  • Pricing
  • Docs
  • Blog
Privent

Agent Security for n8n workflows and AI Monitoring for enterprise AI usage, deployed in our cloud or fully on-prem.

GDPREU AI ActHIPAASOC 2SOC 2
Get your reportGet started

Product

  • Agent Security
  • Risk Report
  • Pricing
  • Use Cases

Integrations

  • n8n

Resources

  • Security
  • FAQ
  • Docs
  • Extension setup

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

Connect

  • LinkedIn
  • X / Twitter
  • Get started

© 2026 Privent Technologies, Inc. All rights reserved.

trust.privent.ai
Documentation

n8n Setup Guide

Install n8n-nodes-privent, configure the Privent API credential, and run a four-node tokenize → score → detokenize chain end-to-end.

On this pageOverviewPrerequisitesInstallationCredential SetupQuick Start WorkflowVerificationTroubleshooting
01

Overview

Drop Privent into your n8n workflow to tokenize PII and secrets before they reach an LLM, then detokenize at trusted egress.

What you install
  • –n8n-nodes-privent community package (npm)
  • –Six nodes: Session, Tokenize, Detokenize, Risk Check, Audit Event, Handoff
  • –One credential type: Privent API
What it does
  • –Detects 10 PII/secret kinds (email, phone, SSN, card, IBAN, AWS key, JWT, API key, IP, URL) and replaces them with deterministic tokens
  • –Scores prompt risk via Privent ML: 4 tiers (LOW / MEDIUM / HIGH / CRITICAL), audit-only, transparent fallback
  • –Detokenizes only at strict-mode trusted-sink egress; handoff events feed Trust Map
What you need
  • –n8n self-host (docker / npm) or n8n Cloud Pro+
  • –Privent AGENT_SDK API key (pv_live_…)
  • –Privent Cloud account at privent.ai
Tokens are session-scoped and stored in-memory by default. Privent never persists raw prompt data or detokenized values. The same input within a session always maps to the same token; cross-session tokens are random to block correlation attacks. Switch the credential's Vault Backend to Privent Cloud to share token state across queue-mode workers, values are AES-256-GCM encrypted at rest with hourly retention of expired entries.
02

Prerequisites

Confirm you have a compatible n8n instance and an active Privent AGENT_SDK key.

n8n environment
  • –Self-host docker or npm: community packages enabled
  • –Or n8n Cloud Pro / Enterprise: Free tier does not allow community nodes
  • –Node.js ≥ 20 on the n8n runtime
  • –Network egress to api.privent.ai over HTTPS
Privent account
  • –An organization on api.privent.ai
  • –An AGENT_SDK API key (prefix pv_live_…)
  • –A configured org policy with category weights and thresholds
Create an account →
03

Installation

Pick the path that matches your hosting model. All three result in the same set of nodes loaded into the editor.

Self-host · Dockerrecommended

Start n8n with community packages enabled, then install the package from the editor.

docker run
docker run -d --name n8n \
  -p 5678:5678 \
  -e N8N_COMMUNITY_PACKAGES_ENABLED=true \
  -e N8N_COMMUNITY_PACKAGES_ALLOW_TOOL_USAGE=true \
  -v ~/.n8n:/home/node/.n8n \
  n8nio/n8n:latest
  1. 01Open http://localhost:5678 and complete the owner setup
  2. 02Settings → Community Nodes → Install a community node
  3. 03Enter n8n-nodes-privent and confirm the install
  4. 04n8n restarts the worker, and Privent nodes appear in the canvas search
n8n Cloud · Pro / Enterprise

Cloud-managed installs follow the same UI flow, no infrastructure changes required.

  1. 01Open your n8n Cloud workspace
  2. 02Settings → Community Nodes
  3. 03Install a community node → enter n8n-nodes-privent
  4. 04Confirm the risk acknowledgement and install
  5. 05Worker restart completes within ~30 seconds
n8n Cloud Free does not expose the Community Nodes menu. Upgrade to Pro / Enterprise or self-host.
Self-host · Manual (offline / air-gapped)

Install the package directly into the n8n custom-extensions directory when the editor cannot reach npm.

mkdir -p ~/.n8n/nodes
cd ~/.n8n/nodes
npm init -y
npm install n8n-nodes-privent

N8N_CUSTOM_EXTENSIONS=~/.n8n/nodes n8n start
04

Credential Setup

Create a Privent API credential in n8n so every Privent node authenticates against your organization.

Fields
API KeyYour AGENT_SDK key. Format: pv_live_<base64url>. Stored encrypted at rest by n8n.
Base URLDefaults to https://api.privent.ai. Override only when running a self-hosted Privent backend.
Vault BackendIn-Memory for self-host single-worker. Use Privent Cloud when n8n runs in queue mode with multiple workers.
  1. 01Credentials → New → search Privent API
  2. 02Paste your AGENT_SDK key into API Key
  3. 03Leave Base URL on the default unless you self-host the backend
  4. 04Choose In-Memory vault backend for most setups
  5. 05Click Test: a green checkmark with Connection successful! confirms auth
Wrong key returns 401 Invalid api key. The credential is rejected at save-time so misconfiguration never reaches a running workflow.
05

Quick Start Workflow

A six-node chain that opens a session, tokenizes the prompt, scores its risk, detokenizes at trusted egress, and audits every handoff.

01
Privent Session

Generates a session ID and trace ID, prewarms an in-memory vault for the run, and emits a session_open audit event. Place this immediately after your trigger; every downstream Privent node reads its sessionId from here.

02
Privent Tokenize

Scans the configured text field with 10 regex detectors plus an optional ML pass, then replaces every detection with a deterministic [KIND_NNN] placeholder. Returns the tokenized text, the entity list, and a per-prompt risk score.

03
Privent Risk Check

Standalone scoring node. Use it as a tool input for AI Agents, or as a Switch source to route HIGH/CRITICAL prompts into a human-review branch. The risk score is also embedded in the Tokenize output, so this node is optional.

04
Privent Detokenize

Resolves [KIND_NNN] tokens back to the original values right before a trusted egress sink (HTTP Request, database, internal API). In strict mode, the node hashes the sink URL into a sinkId and matches it against the trustedSinks prefix list; non-matching sinks keep the placeholder.

05
Privent Handoff

Emits an agent_handoff audit event whenever one agent delegates to another agent or to an external sink. Reason enum: delegation · subgraph_call · tool_invocation · webhook_trigger · other. These events feed the Trust Map graph and the delegation violation surface.

06
Privent Audit Event

Drop anywhere in the workflow to emit a custom observability event (llm_call cost, tool_invocation, error). Same audit pipeline as the rest of the nodes: no branching logic, just structured signal.

example tokenize output
Input
"Hi, my email is alice@acme.com and SSN is 123-45-6789. Card: 4111-1111-1111-1111."

After Tokenize
"Hi, my email is [EMAIL_001] and SSN is [SSN_001]. Card: [CREDIT_CARD_001]."

After Detokenize at egress
"Hi, my email is alice@acme.com and SSN is 123-45-6789. Card: 4111-1111-1111-1111."
Pass the same sessionId from Privent Session to every downstream node. n8n expressions ({{$('Privent Session').item.json.sessionId}}) handle this automatically when the nodes are wired in order.
06

Verification

Confirm the integration is wired correctly and your traffic is reaching real Privent ML, not the local fallback.

01
Run the workflow with a synthetic prompt

Use a string with mixed entities such as "alice@acme.com / 123-45-6789 / 4111-1111-1111-1111". Execute the workflow once via the manual trigger.

02
Inspect the Tokenize output

The text field should contain [EMAIL_NNN], [SSN_NNN], and [CREDIT_CARD_NNN] placeholders. The privent.entities array should list the three detections with confidence > 0.8.

03
Confirm real ML scored the prompt

On the Risk Check node output, the privent.model field must NOT equal fallback. A real model identifier means traffic reached Privent Cloud and the auth chain is healthy.

04
Verify round-trip detokenization

The Detokenize node output text should match the original prompt byte-for-byte. Any drift indicates a session ID mismatch or a vault lookup miss.

07

Troubleshooting

Common issues and how to resolve them.

Privent nodes do not appear in the editor search

The package was published to npm but never installed on this n8n instance. Open Settings → Community Nodes and install n8n-nodes-privent. Self-host docker also requires N8N_COMMUNITY_PACKAGES_ENABLED=true at boot.

Credential test returns 401 Invalid api key

The AGENT_SDK key is missing, malformed, or revoked. Confirm the key is active in the Privent dashboard and that it is an AGENT_SDK key; extension keys are scoped differently and will fail here.

Risk Check returns model = fallback

Inspect the Risk Check node output for privent.model: 'fallback'. When fallback fires, the SDK couldn't reach api.privent.ai or the per-host circuit breaker is OPEN. Confirm api.privent.ai is reachable from the n8n host and that the AGENT_SDK key is still active. The score stays usable (defaults to risk_score: 0, LOW); the integration is audit-only and never blocks the workflow.

Detokenize returns the tokenized text unchanged

The session ID at Detokenize does not match the one used at Tokenize. Re-check the Session ID expression: both nodes should reference {{$('Privent Session').item.json.sessionId}}.

Multi-worker n8n loses tokens between Tokenize and Detokenize

In queue mode, in-memory vaults are scoped per worker. Switch the credential's Vault Backend to Privent Cloud so token state is shared across workers.

Native build error during install (isolated-vm gyp fail)

Add --ignore-scripts --omit=optional to the npm install when running the manual install path. The n8n image already bundles isolated-vm; community packages don't need to rebuild it.

Still stuck? Email hello@privent.ai with your n8n version, the package version (visible under Settings → Community Nodes), and the workflow JSON if possible.