n8n-nodes-privatebin
v1.0.0
Published
An n8n node to create end-to-end encrypted PrivateBin pastes (privatebin.net or self-hosted PrivateBin instances)
Maintainers
Readme
n8n-nodes-privatebin
An n8n community node that creates end-to-end encrypted PrivateBin pastes and returns a one-click shareable link.
⚠️ This node is for PrivateBin only — the public privatebin.net instance or your own self-hosted PrivateBin. It does not work with pastebin.com or any other paste service.
Encryption happens entirely inside the node — the PrivateBin server only ever stores ciphertext, and the decryption key travels in the URL fragment (after the #), which is never sent to the server. This makes it a clean, secure way to hand sensitive text (a config snippet, a one-time note, a burn-after-reading link) to a downstream step or a human, straight from an automation.
What is PrivateBin?
PrivateBin is an open-source, minimalist, zero-knowledge pastebin where the server has no knowledge of the pasted data. Everything is encrypted and decrypted in the browser (or, here, in the node) using 256-bit AES-GCM. You can use the public instance at privatebin.net or run your own.
Features
- Client-side encryption — AES-256-GCM with a 256-bit random key, so the server never sees your plaintext.
- No browser, no external dependencies — speaks the PrivateBin v2 API directly using only Node's built-in
crypto/zlib. No Puppeteer, no headless Chrome. - Burn after reading — optionally destroy the paste the moment it is first opened.
- Configurable expiry — from 5 minutes up to never.
- Usable as an AI tool — can be wired into agent workflows.
Security model
This node is for sharing sensitive-but-not-secret data — text that is already acceptable to have inside your n8n instance, but that you don't want sitting on the open internet.
- The link is the secret. The decryption key lives in the URL fragment (after
#), so anyone with the full link can read the paste. Share it over a trusted channel and prefer short expiry / burn-after-reading for one-time hand-offs. - The server never sees plaintext. Encryption happens entirely in the node; only ciphertext is uploaded.
- HTTPS is enforced. The instance URL must be
https://(plainhttp://is allowed only forlocalhost), so the upload can't be tampered with in transit. - Not for credentials. Use n8n's own credential store for API keys, passwords, and tokens — not this node.
How it works
The node implements the PrivateBin v2 paste protocol:
- Generates a random 256-bit paste key and Base58-encodes it into the URL fragment.
- Derives an AES key with PBKDF2-HMAC-SHA256 (100,000 iterations, 64-bit salt).
- Compresses the payload with raw DEFLATE.
- Encrypts it with AES-256-GCM (96-bit nonce, 128-bit auth tag), authenticating the encryption spec as additional data.
- Uploads only the ciphertext, then builds the shareable
…/?<id>#<key>link.
The PrivateBin client in this package was written from scratch for this open-source project. It is not affiliated with, or an official library of, the PrivateBin project.
Installation
In n8n, go to Settings → Community Nodes → Install and enter:
n8n-nodes-privatebinOr install manually in your n8n custom nodes directory:
npm install n8n-nodes-privatebinUsage
- Add the PrivateBin node to your workflow.
- Create a PrivateBin API credential and set the instance URL —
https://privatebin.net/(default) or your own self-hosted PrivateBin. When you save the credential, n8n tests the connection and only confirms it if the URL is a reachable, genuine PrivateBin instance. - Set Content to the text or secret you want to share.
- (Optional) Choose an Expire time, toggle Burn After Reading, and pick a Format.
- Execute the workflow.
Credential
| Field | Description | | --- | --- | | PrivateBin URL | The URL of your PrivateBin instance (privatebin.net or self-hosted). Must be HTTPS. Verified on save by fetching the instance's read-only JSON-LD schema and checking for a PrivateBin marker. |
Parameters
| Parameter | Description |
| --- | --- |
| Content | The text to encrypt and paste. |
| Expire | When the paste expires (5min … never). |
| Burn After Reading | Delete the paste immediately after it is read once. |
| Format | How the paste is displayed (Plain Text, Source Code, Markdown). |
Output
Each item is enriched with:
| Field | Description |
| --- | --- |
| privateBinLink | The full shareable URL, including the decryption key in the fragment. |
| pasteId | The PrivateBin paste identifier. |
| deleteToken | Token that can be used to delete the paste. |
Development
npm install # install dependencies
npm run build # compile TypeScript to dist/
npm run lint # lint against n8n community-node rules
npm test # build, then run the encryption/roundtrip tests
npm run dev # run against a local n8n instanceTrademarks & credits
The PrivateBin name, logo, and icon belong to the PrivateBin project and are used here only to identify the service this node integrates with. This is an independent community node and is not affiliated with or endorsed by the PrivateBin project.
