diff --git a/deployments/apps/n8n/deployment.yaml b/deployments/apps/n8n/deployment.yaml
new file mode 100644
index 0000000..8907ba1
--- /dev/null
+++ b/deployments/apps/n8n/deployment.yaml
@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: n8n
+  namespace: apps
+  labels:
+    app: n8n
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: n8n
+  template:
+    metadata:
+      labels:
+        app: n8n
+    spec:
+      containers:
+        - name: n8n
+          image: n8nio/n8n:1.57.0
+          ports:
+            - containerPort: 5678
+          env:
+            - name: N8N_HOST
+              value: "n8n.khalisio.com"
+            - name: N8N_PROTOCOL
+              value: "https"
+            - name: WEBHOOK_URL
+              value: "https://n8n.khalisio.com/"
+            - name: N8N_ENCRYPTION_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: n8n-secret
+                  key: N8N_ENCRYPTION_KEY
+          resources:
+            requests:
+              cpu: 200m
+              memory: 256Mi
+            limits:
+              cpu: 1000m
+              memory: 1Gi
+          volumeMounts:
+            - name: n8n-data
+              mountPath: /home/node/.n8n
+      volumes:
+        - name: n8n-data
+          persistentVolumeClaim:
+            claimName: n8n-data
diff --git a/deployments/apps/n8n/externalsecret.yaml b/deployments/apps/n8n/externalsecret.yaml
new file mode 100644
index 0000000..a94be70
--- /dev/null
+++ b/deployments/apps/n8n/externalsecret.yaml
@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: n8n-secret
+  namespace: apps
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: n8n-secret
+    creationPolicy: Owner
+  data:
+    - secretKey: N8N_ENCRYPTION_KEY
+      remoteRef:
+        key: secret/data/Talos Cluster/apps/n8n
+        property: N8N_ENCRYPTION_KEY
diff --git a/deployments/apps/n8n/ingress.yaml b/deployments/apps/n8n/ingress.yaml
new file mode 100644
index 0000000..63fa9ef
--- /dev/null
+++ b/deployments/apps/n8n/ingress.yaml
@@ -0,0 +1,17 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: n8n
+  namespace: apps
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`n8n.khalisio.com`)
+      kind: Rule
+      services:
+        - name: n8n
+          port: 80
+  tls:
+    secretName: n8n-tls
+    certResolver: letsencrypt
diff --git a/deployments/apps/n8n/pvc.yaml b/deployments/apps/n8n/pvc.yaml
new file mode 100644
index 0000000..a3699fa
--- /dev/null
+++ b/deployments/apps/n8n/pvc.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: n8n-data
+  namespace: apps
+spec:
+  accessModes: [ReadWriteOnce]
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 5Gi
diff --git a/deployments/apps/n8n/service.yaml b/deployments/apps/n8n/service.yaml
new file mode 100644
index 0000000..19d0c9f
--- /dev/null
+++ b/deployments/apps/n8n/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: n8n
+  namespace: apps
+spec:
+  selector:
+    app: n8n
+  ports:
+    - port: 80
+      targetPort: 5678
+  type: ClusterIP