jyapayne/langflow
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions
langflow/docs/docs/Configuration/configuration-authentication.md
Mendon Kissling 21870d3618
 docs: update API and authentication pages (#7271) 
* add-secure-server-guide

* auth-page-complete

* end-sentence

* end-sentence-remove-content

* docs: Update API keys documentation for clarity and structure

* docs: Enhance configuration documentation for API keys and secret key generation

* swap-end-sentences

* Apply suggestions from code review

Co-authored-by: KimberlyFields <46325568+KimberlyFields@users.noreply.github.com>

* fields-bold-and-ui-location

---------

Co-authored-by: KimberlyFields <46325568+KimberlyFields@users.noreply.github.com>
2025-04-01 13:36:35 +00:00

6.6 KiB
Raw Blame History

title slug
Authentication /configuration-authentication

import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem';

This guide covers Langflow's authentication system and API key management, including how to secure your deployment and manage access to flows and components.

:::tip The Langflow project includes a .env.example file to help you get started. You can copy the contents of this file into your own .env file and replace the example values with your own preferred settings. :::

Authentication configuration values

The section describes the available authentication configuration variables.

LANGFLOW_AUTO_LOGIN

When True, Langflow automatically logs users in with username langflow and password langflow without requiring user authentication. To disable automatic login and enforce user authentication, set this value to False in your .env file. By default, this variable is set to True.

LANGFLOW_AUTO_LOGIN=True

LANGFLOW_SUPERUSER and LANGFLOW_SUPERUSER_PASSWORD

These environment variables are only relevant when LANGFLOW_AUTO_LOGIN is set to False. They specify the username and password for the superuser, which is essential for administrative tasks:

LANGFLOW_SUPERUSER=administrator
LANGFLOW_SUPERUSER_PASSWORD=securepassword

LANGFLOW_SECRET_KEY

This environment variable holds a secret key used for encrypting sensitive data like API keys. Langflow uses the Fernet library for secret key encryption.

LANGFLOW_SECRET_KEY=dBuuuB_FHLvU8T9eUNlxQF9ppqRxwWpXXQ42kM2_fb

:::warning If no secret key is provided, Langflow automatically generates one. This is not recommended for production environments, especially in multi-instance deployments like Kubernetes, where auto-generated keys can't decrypt data encrypted by other instances. :::

To generate a LANGFLOW_SECRET_KEY, follow these steps:

  1. Run the command to generate and copy a secret to the clipboard.
# Copy to clipboard (macOS)
python3 -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')" | pbcopy

# Copy to clipboard (Linux)
python3 -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')" | xclip -selection clipboard

# Or just print
python3 -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')"

# Copy to clipboard
python -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')" | clip

# Or just print
python -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')"
  1. Paste the value into your .env file:
LANGFLOW_SECRET_KEY=dBuuuB_FHLvU8T9eUNlxQF9ppqRxwWpXXQ42kM2_fb

LANGFLOW_NEW_USER_IS_ACTIVE

When this option is set to True, new users are automatically activated and can log in without requiring explicit activation by the superuser from the Admin page. By default, this variable is set to False.

LANGFLOW_NEW_USER_IS_ACTIVE=False

Start a secure Langflow server with authentication

Start a secure Langflow server with authentication enabled and secret key encryption using the variables described in Authentication configuration values.

Once you are logged in as a superuser, create a new user on your server.

Start the Langflow server

  1. Create a .env file and populate it with values for a secure server. This server creates a superuser account, requires users to log in before using Langflow, and encrypts secrets with LANGFLOW_SECRET_KEY, which is added in the next step. Create a .env file with the following configuration:
LANGFLOW_AUTO_LOGIN=False
LANGFLOW_SUPERUSER=administrator
LANGFLOW_SUPERUSER_PASSWORD=securepassword
LANGFLOW_SECRET_KEY=your_generated_key
LANGFLOW_NEW_USER_IS_ACTIVE=False
  1. Generate a secret key for encrypting sensitive data.

Generate your secret key using one of the following commands:

# Copy to clipboard (macOS)
python3 -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')" | pbcopy

# Copy to clipboard (Linux)
python3 -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')" | xclip -selection clipboard

# Or just print
python3 -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')"

# Copy to clipboard
python -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')" | clip

# Or just print
python -c "from secrets import token_urlsafe; print(f'LANGFLOW_SECRET_KEY={token_urlsafe(32)}')"

  1. Paste your LANGFLOW_SECRET_KEY into the .env file.

  2. Start Langflow with the configuration from your .env file.

uv run langflow run --env-file .env
  1. Verify the server is running. The default location is http://localhost:7860.

Manage users as an administrator

  1. To complete your first-time login as a superuser, go to http://localhost:7860/login.
  2. Log in with your superuser credentials:
  • Username: Value of LANGFLOW_SUPERUSER (for example, administrator)
  • Password: Value of LANGFLOW_SUPERUSER_PASSWORD (for example, securepassword)

:::info The default values are langflow and langflow. :::

  1. To manage users on your server, navigate to the /admin page at http://localhost:7860/admin. Click your user profile image, and then click Admin Page.

As a superuser, you can create users, set permissions, reset passwords, and delete accounts.

  1. To create a user, in the Langflow UI, click New User, and then complete the following fields:
  • Username
  • Password and Confirm Password
  • Select Active and deselect Superuser for the new user. Active users can log into the system and access their flows. Inactive users cannot log in or see their flows. A Superuser has full administrative privileges.
  1. To complete user creation, click Save. Your new user appears in the Admin Page.
  2. To confirm your new user's functionality, log out of Langflow, and log back in with your new user's credentials. Attempt to access the /admin page. You should be redirected to the /flows page, because the new user is not a superuser.

You have started a secure Langflow server with authentication enabled and secret key encryption.