โ† Back to Docs

๐Ÿฆœ LangChain Integration

Secure credential management for LangChain agents and chains

Installation

pip install langchain-avp

Quick Start

from langchain_avp import AVPCredentialProvider
from langchain_openai import ChatOpenAI

# Create credential provider with file backend
provider = AVPCredentialProvider(
    vault_path="~/.avp/vault.enc",
    password="your-password"
)

# Store your API key once
provider.set_credential("OPENAI_API_KEY", "sk-...")

# Create LLM with credentials from AVP
llm = ChatOpenAI(
    api_key=provider.get_credential("OPENAI_API_KEY")
)

# Use the LLM
response = llm.invoke("Hello, world!")
print(response.content)

Features

๐Ÿ” Encrypted Storage

API keys are encrypted at rest using AES-256, not stored in plaintext config files.

๐Ÿท๏ธ Workspace Isolation

Separate credentials by project, environment, or agent to prevent cross-contamination.

๐Ÿ“ Audit Callbacks

Track every credential access with built-in LangChain callbacks.

๐Ÿ”„ Credential Rotation

Rotate API keys without redeploying your agents.

AVPCredentialProvider

Drop-in credential provider for LangChain.

from langchain_avp import AVPCredentialProvider, Backend

# File backend (default)
provider = AVPCredentialProvider(
    vault_path="~/.avp/vault.enc",
    password="your-password",
    workspace="langchain-agent"
)

# Memory backend (for testing)
provider = AVPCredentialProvider(backend=Backend.MEMORY)

# Keychain backend (most secure without hardware)
provider = AVPCredentialProvider(backend=Backend.KEYCHAIN)

Methods

# Store credentials
provider.set_credential("OPENAI_API_KEY", "sk-...")
provider.set_credential("ANTHROPIC_API_KEY", "sk-ant-...")

# Retrieve credentials
api_key = provider.get_credential("OPENAI_API_KEY")

# Check if credential exists
if provider.has_credential("OPENAI_API_KEY"):
    print("Key is configured")

# List all credentials
keys = provider.list_credentials()

# Delete credential
provider.delete_credential("OLD_API_KEY")

# Rotate credential
provider.rotate_credential("OPENAI_API_KEY", "sk-new-...")

Audit Callback

Track credential access in your LangChain runs.

from langchain_avp import AVPCredentialCallback
from langchain.callbacks.manager import CallbackManager

# Create callback
avp_callback = AVPCredentialCallback(provider)

# Add to your chain/agent
callback_manager = CallbackManager([avp_callback])

# Use with LLM
llm = ChatOpenAI(
    api_key=provider.get_credential("OPENAI_API_KEY"),
    callbacks=callback_manager
)

# The callback logs every credential access:
# [AVP Audit] Retrieved: OPENAI_API_KEY (workspace: langchain-agent)

Helper Functions

get_llm_with_avp

Quick setup for common LLM providers.

from langchain_avp import get_llm_with_avp

# OpenAI
llm = get_llm_with_avp(
    provider,
    provider_type="openai",
    model="gpt-4"
)

# Anthropic
llm = get_llm_with_avp(
    provider,
    provider_type="anthropic",
    model="claude-3-opus-20240229"
)

load_credentials

Load multiple credentials at once.

from langchain_avp import load_credentials

# Load into environment
load_credentials(provider, ["OPENAI_API_KEY", "SERPAPI_API_KEY"])

# Now accessible via os.environ
import os
print(os.environ["OPENAI_API_KEY"])

Complete Example

"""LangChain agent with AVP credential management."""

from langchain_avp import AVPCredentialProvider, AVPCredentialCallback
from langchain_openai import ChatOpenAI
from langchain.agents import AgentExecutor, create_react_agent
from langchain.tools import DuckDuckGoSearchRun
from langchain import hub

# Setup credential provider
provider = AVPCredentialProvider(
    vault_path="~/.avp/vault.enc",
    password="your-password",
    workspace="search-agent"
)

# Store API key (do this once)
# provider.set_credential("OPENAI_API_KEY", "sk-...")

# Create LLM with AVP credentials
llm = ChatOpenAI(
    api_key=provider.get_credential("OPENAI_API_KEY"),
    model="gpt-4",
    callbacks=[AVPCredentialCallback(provider)]
)

# Setup agent
tools = [DuckDuckGoSearchRun()]
prompt = hub.pull("hwchase17/react")
agent = create_react_agent(llm, tools, prompt)
agent_executor = AgentExecutor(agent=agent, tools=tools)

# Run agent
result = agent_executor.invoke({
    "input": "What's the latest news about AI safety?"
})
print(result["output"])

# Clean up
provider.close()
๐Ÿ’ก Migration from .env files:
Moving from .env to AVP? Use the CLI: avp import .env --format dotenv --workspace langchain