In self hosted n8n deployments for managing Manufacturing Records Book MRB processes for Hydraulic Power Units engineers often integrate Google services to automate data gathering and updates.
For instance a workflow might gather datasheets from suppliers or Google Drive and automatically update Google Sheets with a components test results or compliance records for the MRB.
A common issue arises with credential reuse across nodes in these automation setups.
A credential set up for Google Sheets action operations (e.g. Append Update or Lookup rows to record HPU assembly data) works fine in those nodes but fails to show in the dropdown for the Google Sheets Trigger node which might watch for new datasheet entries.
This can seem like n8n requires unique credentials per workflow. In reality it stems from credential typing not workflow scoping.
Credential Typing in n8n
n8n credentials are defined by type, corresponding to specific node families and authentication methods.
Standard Google Sheets nodes (actions) require the credential type Google Sheets OAuth2 API.
The Google Sheets Trigger node requires the distinct type Google Sheets Trigger OAuth2 API.
These are separate credential definitions within n8n. Nodes filter their credential dropdowns to display only matching types, excluding others even when they authenticate the same Google account using identical OAuth2 client details.
Consequently, two credential records must be created: one for actions and one for triggers, both linked to the same underlying Google Cloud Console OAuth2 application.
Rationale for Separate Trigger Credentials
Trigger nodes differ fundamentally from action nodes in operation.
They perform periodic polling or webhook subscription to detect changes.
They maintain persistent state (e.g., tracking the last processed row to prevent duplicates).
They may require expanded or differing OAuth2 scopes for reliable long term token management.
Isolating triggers into a dedicated credential type ensures appropriate scoping and operational stability.
Factors Contributing to Perceived Workflow Level Restrictions
The primary mechanism is type based filtering in node credential selectors.
In community edition self hosted instances (without the enterprise Projects feature), all credentials created by the user are globally visible. Visibility issues typically reduce to type mismatches rather than access controls.
Recommended Configuration: Reusable Credential Pairs
For most self hosted setups, maintain exactly two Google Sheets credentials.
One of type Google Sheets OAuth2 API (for all action nodes).
One of type Google Sheets Trigger OAuth2 API (for trigger nodes).
These are created once and reused across all workflows.
Both credentials should reference the same Google Cloud OAuth2 client.
Identical Client ID and Client Secret.
Identical redirect URI (pointing to your self hosted n8n instance, e.g., https://n8n.yourdomain.com/oauth2/callback).
This approach avoids duplication at the Google Cloud level while satisfying n8n’s internal typing requirements.
Conceptual Framework
Google Account: The identity being authenticated.
Google Cloud OAuth2 Client: The application credentials (Client ID/Secret).
n8n Credential Record: A stored token set bound to a specific node type.
A single account and OAuth2 client can support multiple n8n credential records differentiated by type.
Best Practices for Credential Management
Adopt consistent naming conventions to improve clarity and reduce selection errors.
Google Sheets Actions
Google Sheets Trigger
For multiple environments.
Google Sheets Actions (Production)
Google Sheets Trigger (Production)
Google Sheets Actions (Development)
Google Sheets Trigger (Development)
Extend the pattern to other Google services (Drive, Gmail, Calendar) as required.
Troubleshooting Credential Visibility Issues
Follow this systematic checklist.
- Examine a functioning action node and record the exact credential type displayed.
- Examine the trigger node and confirm the required type.
- If types differ create the missing type once and reuse indefinitely.
- If types match but the credential remains hidden verify session consistency (all credentials should be visible in single user self hosted environments).
Alternatives for Unified Credentials
The built in Google Sheets nodes do not support a single overarching Google OAuth2 credential spanning actions and triggers.
An advanced alternative involves.
Using the HTTP Request node with a generic OAuth2 credential.
Directly invoking Google Sheets REST APIs.
Implementing custom polling logic and state tracking.
This reduces credential count but increases implementation complexity and maintenance overhead. The standard separate but reusable approach remains preferable for reliability.
Summary of Optimal Self Hosted Configuration
One action credential per Google service.
One trigger credential per Google service (where triggers are used).
Aggressive reuse across workflows.
Single backing Google Cloud OAuth2 client.
This structure provides the most maintainable and scalable integration pattern for n8n based automation in engineering environments.
