Skip to main content

Authentication

This guide covers Langflow's authentication system and API key management, including how to secure your deployment and manage access to flows and components.

warning

Never expose Langflow ports directly to the internet without proper security measures.

Disable LANGFLOW_AUTO_LOGIN, use a secure LANGFLOW_SECRET_KEY, and ensure your Langflow server is behind a reverse proxy with authentication enabled. For more information, see Start a secure Langflow server with authentication.

Authentication configuration values

The section describes the available authentication configuration variables.

The Langflow project includes a .env.example file to help you get started. You can copy the contents of this file into your own .env file and replace the example values with your own preferred settings.

LANGFLOW_AUTO_LOGIN

When True, Langflow automatically logs users in with username langflow and password langflow without requiring user authentication. To disable automatic login and enforce user authentication, set this value to False in your .env file. By default, this variable is set to True.

Langflow does not allow users to have simultaneous or shared access to flows. If AUTO_LOGIN is enabled and user management is disabled (LANGFLOW_NEW_USER_IS_ACTIVE=true), users can access the same environment, but it is not password protected. If two users access the same flow, Langflow saves only the work of the last user to save.


_10
LANGFLOW_AUTO_LOGIN=True

LANGFLOW_SUPERUSER and LANGFLOW_SUPERUSER_PASSWORD

These environment variables are only relevant when LANGFLOW_AUTO_LOGIN is set to False. They specify the username and password for the superuser, which is essential for administrative tasks:


_10
LANGFLOW_SUPERUSER=administrator
_10
LANGFLOW_SUPERUSER_PASSWORD=securepassword

LANGFLOW_SECRET_KEY

This environment variable holds a secret key used for encrypting sensitive data like API keys. Langflow uses the Fernet library for secret key encryption.


_10
LANGFLOW_SECRET_KEY=dBuuuB_FHLvU8T9eUNlxQF9ppqRxwWpXXQ42kM2_fb

warning

If no secret key is provided, Langflow automatically generates one. This is not recommended for production environments, especially in multi-instance deployments like Kubernetes, where auto-generated keys can't decrypt data encrypted by other instances.

To generate a LANGFLOW_SECRET_KEY, follow these steps:

  1. Run the command to generate and copy a secret to the clipboard.

_10
# Copy to clipboard (macOS)
_10
python3 -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')" | pbcopy
_10
_10
# Copy to clipboard (Linux)
_10
python3 -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')" | xclip -selection clipboard
_10
_10
# Or just print
_10
python3 -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')"

  1. Paste the value into your .env file:

_10
LANGFLOW_SECRET_KEY=dBuuuB_FHLvU8T9eUNlxQF9ppqRxwWpXXQ42kM2_fb

LANGFLOW_NEW_USER_IS_ACTIVE

When this option is set to True, new users are automatically activated and can log in without requiring explicit activation by the superuser from the Admin page. By default, this variable is set to False.


_10
LANGFLOW_NEW_USER_IS_ACTIVE=False

Start a secure Langflow server with authentication

Start a secure Langflow server with authentication enabled and secret key encryption using the variables described in Authentication configuration values.

Once you are logged in as a superuser, create a new user on your server.

Start the Langflow server

  1. Create a .env file and populate it with values for a secure server. This server creates a superuser account, requires users to log in before using Langflow, and encrypts secrets with LANGFLOW_SECRET_KEY, which is added in the next step. Create a .env file with the following configuration:

_10
LANGFLOW_AUTO_LOGIN=False
_10
LANGFLOW_SUPERUSER=administrator
_10
LANGFLOW_SUPERUSER_PASSWORD=securepassword
_10
LANGFLOW_SECRET_KEY=your_generated_key
_10
LANGFLOW_NEW_USER_IS_ACTIVE=False

  1. Generate a secret key for encrypting sensitive data.

Generate your secret key using one of the following commands:


_10
# Copy to clipboard (macOS)
_10
python3 -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')" | pbcopy
_10
_10
# Copy to clipboard (Linux)
_10
python3 -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')" | xclip -selection clipboard
_10
_10
# Or just print
_10
python3 -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')"

  1. Paste your LANGFLOW_SECRET_KEY into the .env file.

  2. Start Langflow with the configuration from your .env file.


_10
uv run langflow run --env-file .env

  1. Verify the server is running. The default location is http://localhost:7860.

Manage users as an administrator

  1. To complete your first-time login as a superuser, go to http://localhost:7860/login.
  2. Log in with your superuser credentials:
  • Username: Value of LANGFLOW_SUPERUSER (for example, administrator)
  • Password: Value of LANGFLOW_SUPERUSER_PASSWORD (for example, securepassword)
info

The default values are langflow and langflow.

  1. To manage users on your server, navigate to the /admin page at http://localhost:7860/admin. Click your user profile image, and then click Admin Page.

As a superuser, you can create users, set permissions, reset passwords, and delete accounts.

  1. To create a user, in the Langflow UI, click New User, and then complete the following fields:
  • Username
  • Password and Confirm Password
  • Select Active and deselect Superuser for the new user. Active users can log into the system and access their flows. Inactive users cannot log in or see their flows. A Superuser has full administrative privileges.
  1. To complete user creation, click Save. Your new user appears in the Admin Page.
  2. To confirm your new user's functionality, log out of Langflow, and log back in with your new user's credentials. Attempt to access the /admin page. You should be redirected to the /flows page, because the new user is not a superuser.

You have started a secure Langflow server with authentication enabled and secret key encryption.

Search