Skip to main content

Security best practices

This guide outlines security best practices for deploying and managing Langflow.

Secret key protection

The secret key is critical for encrypting sensitive data in Langflow. Follow these guidelines:

  • Always use a custom secret key in production:


    _10
    LANGFLOW_SECRET_KEY=your-secure-secret-key

  • Store the secret key securely:

    • Use environment variables or secure secret management systems.
    • Never commit the secret key to version control.
    • Regularly rotate the secret key.

  • Use the default secret key locations:

    • macOS: ~/Library/Caches/langflow/secret_key
    • Linux: ~/.cache/langflow/secret_key
    • Windows: %USERPROFILE%\AppData\Local\langflow\secret_key

API keys and credentials

  • Store API keys and credentials as encrypted global variables.
  • Use the Credential type for sensitive information.
  • Implement proper access controls for users who can view/edit credentials.
  • Regularly audit and rotate API keys.

Database file protection

  • Store the database in a secure location:


    _10
    LANGFLOW_SAVE_DB_IN_CONFIG_DIR=true
    _10
    LANGFLOW_CONFIG_DIR=/secure/path/to/config

  • Use the default database locations:

    • macOS/Linux: PYTHON_LOCATION/site-packages/langflow/langflow.db
    • Windows: PYTHON_LOCATION\Lib\site-packages\langflow\langflow.db

Hi, how can I help you?