fix(core): Wire EncryptionKeyProxy provider on bootstrap (#29581)

packages/cli/src/modules/encryption-key-manager/__tests__/encryption-bootstrap.service.test.ts

@@ -1,11 +1,12 @@
 import { mockInstance, mockLogger } from '@n8n/backend-test-utils';
-import { InstanceSettings } from 'n8n-core';
+import { EncryptionKeyProxy, InstanceSettings } from 'n8n-core';
 
 import { KeyManagerService } from '../key-manager.service';
 import { EncryptionBootstrapService } from '../encryption-bootstrap.service';
 
 describe('EncryptionBootstrapService', () => {
 	const keyManager = mockInstance(KeyManagerService);
+	const encryptionKeyProxy = mockInstance(EncryptionKeyProxy);
 
 	beforeEach(() => {
 		jest.clearAllMocks();
@@ -17,6 +18,7 @@ describe('EncryptionBootstrapService', () => {
 		new EncryptionBootstrapService(
 			keyManager,
 			mockInstance(InstanceSettings, { encryptionKey: 'test-instance-key' }),
+			encryptionKeyProxy,
 			mockLogger(),
 		);
 
@@ -32,6 +34,12 @@ describe('EncryptionBootstrapService', () => {
 		expect(keyManager.bootstrapGcmKey).toHaveBeenCalled();
 	});
 
+	it('wires the key manager into the encryption key proxy', async () => {
+		await createService().run();
+
+		expect(encryptionKeyProxy.setProvider).toHaveBeenCalledWith(keyManager);
+	});
+
 	it('bootstraps CBC before GCM', async () => {
 		const order: string[] = [];
 		keyManager.bootstrapLegacyCbcKey.mockImplementation(async () => {

packages/cli/src/modules/encryption-key-manager/encryption-bootstrap.service.ts

@@ -1,6 +1,6 @@
 import { Logger } from '@n8n/backend-common';
 import { Service } from '@n8n/di';
-import { InstanceSettings } from 'n8n-core';
+import { EncryptionKeyProxy, InstanceSettings } from 'n8n-core';
 
 import { KeyManagerService } from './key-manager.service';
 
@@ -9,6 +9,7 @@ export class EncryptionBootstrapService {
 	constructor(
 		private readonly keyManager: KeyManagerService,
 		private readonly instanceSettings: InstanceSettings,
+		private readonly encryptionKeyProxy: EncryptionKeyProxy,
 		private readonly logger: Logger,
 	) {
 		this.logger = this.logger.scoped('encryption-key-manager');
@@ -17,6 +18,7 @@ export class EncryptionBootstrapService {
 	async run(): Promise<void> {
 		await this.keyManager.bootstrapLegacyCbcKey(this.instanceSettings.encryptionKey);
 		await this.keyManager.bootstrapGcmKey();
+		this.encryptionKeyProxy.setProvider(this.keyManager);
 		this.logger.debug('Encryption key bootstrap complete');
 	}
 }

packages/cli/test/setup-mocks.ts

@@ -1,5 +1,21 @@
 import 'reflect-metadata';
 
+// Clear proxy env vars so axios doesn't create HttpsProxyAgent for outbound requests.
+// Nock 14 uses @mswjs/interceptors which cannot intercept requests routed through a
+// proxy agent, causing "No socket was returned" failures when no real proxy is reachable.
+for (const key of [
+	'HTTP_PROXY',
+	'http_proxy',
+	'HTTPS_PROXY',
+	'https_proxy',
+	'ALL_PROXY',
+	'all_proxy',
+	'NO_PROXY',
+	'no_proxy',
+]) {
+	delete process.env[key];
+}
+
 jest.mock('@sentry/node');
 jest.mock('@n8n_io/license-sdk');
 jest.mock('@/telemetry');