Authentication
This guide covers Langflow's authentication system and API key management, including how to secure your deployment and manage access to flows and components.
The Langflow project includes a .env.example
file to help you get started.
You can copy the contents of this file into your own .env
file and replace the example values with your own preferred settings.
Authentication configuration values
The section describes the available authentication configuration variables.
LANGFLOW_AUTO_LOGIN
When True
, Langflow automatically logs users in with username langflow
and password langflow
without requiring user authentication.
To disable automatic login and enforce user authentication, set this value to False
in your .env
file.
By default, this variable is set to True
.
_10LANGFLOW_AUTO_LOGIN=True
LANGFLOW_SUPERUSER and LANGFLOW_SUPERUSER_PASSWORD
These environment variables are only relevant when LANGFLOW_AUTO_LOGIN
is set to False
.
They specify the username and password for the superuser, which is essential for administrative tasks:
_10LANGFLOW_SUPERUSER=administrator_10LANGFLOW_SUPERUSER_PASSWORD=securepassword
LANGFLOW_SECRET_KEY
This environment variable holds a secret key used for encrypting sensitive data like API keys. Langflow uses the Fernet library for secret key encryption.
_10LANGFLOW_SECRET_KEY=dBuuuB_FHLvU8T9eUNlxQF9ppqRxwWpXXQ42kM2_fb
If no secret key is provided, Langflow automatically generates one. This is not recommended for production environments, especially in multi-instance deployments like Kubernetes, where auto-generated keys can't decrypt data encrypted by other instances.
To generate a LANGFLOW_SECRET_KEY
, follow these steps:
- Run the command to generate and copy a secret to the clipboard.
- macOS/Linux
- Windows
_10# Copy to clipboard (macOS)_10python3 -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')" | pbcopy_10_10# Copy to clipboard (Linux)_10python3 -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')" | xclip -selection clipboard_10_10# Or just print_10python3 -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')"
_10# Copy to clipboard_10python -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')" | clip_10_10# Or just print_10python -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')"
- Paste the value into your
.env
file:
_10LANGFLOW_SECRET_KEY=dBuuuB_FHLvU8T9eUNlxQF9ppqRxwWpXXQ42kM2_fb
LANGFLOW_NEW_USER_IS_ACTIVE
When this option is set to True
, new users are automatically activated and can log in without requiring explicit activation by the superuser from the Admin page.
By default, this variable is set to False
.
_10LANGFLOW_NEW_USER_IS_ACTIVE=False
Start a secure Langflow server with authentication
Start a secure Langflow server with authentication enabled and secret key encryption using the variables described in Authentication configuration values.
Once you are logged in as a superuser, create a new user on your server.
Start the Langflow server
- Create a
.env
file and populate it with values for a secure server. This server creates a superuser account, requires users to log in before using Langflow, and encrypts secrets withLANGFLOW_SECRET_KEY
, which is added in the next step. Create a.env
file with the following configuration:
_10LANGFLOW_AUTO_LOGIN=False_10LANGFLOW_SUPERUSER=administrator_10LANGFLOW_SUPERUSER_PASSWORD=securepassword_10LANGFLOW_SECRET_KEY=your_generated_key_10LANGFLOW_NEW_USER_IS_ACTIVE=False
- Generate a secret key for encrypting sensitive data.
Generate your secret key using one of the following commands:
- macOS/Linux
- Windows
_10# Copy to clipboard (macOS)_10python3 -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')" | pbcopy_10_10# Copy to clipboard (Linux)_10python3 -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')" | xclip -selection clipboard_10_10# Or just print_10python3 -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')"
_10# Copy to clipboard_10python -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')" | clip_10_10# Or just print_10python -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')"
-
Paste your
LANGFLOW_SECRET_KEY
into the.env
file. -
Start Langflow with the configuration from your
.env
file.
_10uv run langflow run --env-file .env
- Verify the server is running. The default location is
http://localhost:7860
.
Manage users as an administrator
- To complete your first-time login as a superuser, go to
http://localhost:7860/login
. - Log in with your superuser credentials:
- Username: Value of
LANGFLOW_SUPERUSER
(for example,administrator
) - Password: Value of
LANGFLOW_SUPERUSER_PASSWORD
(for example,securepassword
)
The default values are langflow
and langflow
.
- To manage users on your server, navigate to the
/admin
page athttp://localhost:7860/admin
. Click your user profile image, and then click Admin Page.
As a superuser, you can create users, set permissions, reset passwords, and delete accounts.
- To create a user, in the Langflow UI, click New User, and then complete the following fields:
- Username
- Password and Confirm Password
- Select Active and deselect Superuser for the new user. Active users can log into the system and access their flows. Inactive users cannot log in or see their flows. A Superuser has full administrative privileges.
- To complete user creation, click Save. Your new user appears in the Admin Page.
- To confirm your new user's functionality, log out of Langflow, and log back in with your new user's credentials.
Attempt to access the
/admin
page. You should be redirected to the/flows
page, because the new user is not a superuser.
You have started a secure Langflow server with authentication enabled and secret key encryption.