From ea5806f30e996c7aa1376ad42a3be8582f29a86b Mon Sep 17 00:00:00 2001
From: Mendon Kissling <59585235+mendonk@users.noreply.github.com>
Date: Mon, 3 Feb 2025 11:27:28 -0500
Subject: [PATCH] docs: add guide for rotating LANGFLOW_SECRET_KEY (#6091)

docs: Add guide for rotating LANGFLOW_SECRET_KEY
---
 .../Configuration/configuration-authentication.md    | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/docs/docs/Configuration/configuration-authentication.md b/docs/docs/Configuration/configuration-authentication.md
index 95d30ee30..6c494b1cd 100644
--- a/docs/docs/Configuration/configuration-authentication.md
+++ b/docs/docs/Configuration/configuration-authentication.md
@@ -169,6 +169,18 @@ The generated secret key value is now used to encrypt your global variables.
 
 If no key is provided, Langflow will automatically generate a secure key. This is not recommended for production environments, because in a multi-instance deployment like Kubernetes, auto-generated keys won't be able to decrypt data encrypted by other instances. Instead, you should explicitly set the `LANGFLOW_SECRET_KEY` environment variable in the deployment configuration to be the same across all instances.
 
+### Rotate the LANGFLOW_SECRET_KEY
+
+To rotate the key, follow these steps.
+
+1. Create a new `LANGFLOW_SECRET_KEY` with the command in [Create a LANGFLOW_SECRET_KEY](#create-a-langflow_secret_key).
+2. Stop your Langflow instance.
+3. Update the `LANGFLOW_SECRET_KEY` in your `.env` file with the new key.
+4. Restart Langflow with the updated environment file:
+```bash
+langflow run --env-file .env
+```
+
 ### LANGFLOW_NEW_USER_IS_ACTIVE
 
 By default, this variable is set to `False`. When enabled, new users are automatically activated and can log in without requiring explicit activation by the superuser.