# Langflow Environment Variables and Configuration Options: Complete Deployment Guide > Master Langflow deployments by customizing over 30 LANGFLOW_* environment variables. Control database connections, authentication, logging, and more with this complete guide. - Repository: [Langflow/langflow](https://github.com/langflow-ai/langflow) - Tags: deployment-guide - Published: 2026-02-24 --- **Langflow deployments are customized through 30+ `LANGFLOW_*` environment variables parsed by Pydantic `BaseSettings` in [`src/lfx/src/lfx/services/settings/base.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/services/settings/base.py), controlling database connections, authentication, logging, security policies, and component discovery.** The `langflow-ai/langflow` repository exposes a comprehensive configuration system that allows operators to tailor every aspect of the platform without modifying source code. These settings are read at startup by the **Pydantic-based settings** service and injected into the dependency-injection container, ensuring a single source of truth across the FastAPI backend and CLI components. Whether you are running local development instances or production Kubernetes clusters, understanding these environment variables is essential for secure and performant deployments. ## Core Runtime and Authentication Settings ### Developer Mode and API Keys The `LANGFLOW_DEV` variable enables developer mode, which activates extra debug information and call-site logging as implemented in [`src/lfx/src/lfx/settings.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/settings.py). Authentication is primarily controlled by `LANGFLOW_API_KEY`, defined in [`src/lfx/src/lfx/cli/common.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/cli/common.py) at line 110. This token secures the HTTP API endpoints. The `LANGFLOW_API_KEY_SOURCE` variable (located in [`src/lfx/src/lfx/services/settings/auth.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/services/settings/auth.py) at line 67) determines whether the key is read from the database (`db`) or directly from the environment (`env`). For local development convenience, `LANGFLOW_AUTO_LOGIN` automatically authenticates users as a superuser on first visit when set to `true`, as documented in `docs/Support/troubleshooting.mdx`. However, `LANGFLOW_SKIP_AUTH_AUTO_LOGIN` can override this behavior to enforce API-key authentication even when auto-login is enabled. ### Database Configuration Database connectivity is configured through `LANGFLOW_DATABASE_URL`, which accepts any SQLAlchemy connection string (PostgreSQL, SQLite, MySQL) and is processed in [`src/lfx/src/lfx/services/settings/base.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/services/settings/base.py) at line 484. For testing and CI pipelines, `LANGFLOW_USE_NOOP_DATABASE` (line 147 in the same file) enables an in-memory dummy database that requires no external dependencies. Monitoring is supported via `LANGFLOW_PROMETHEUS_PORT`, which exposes metrics endpoints as configured in [`src/backend/base/langflow/main.py`](https://github.com/langflow-ai/langflow/blob/main/src/backend/base/langflow/main.py) at line 497. ## Logging and Observability Langflow provides granular control over logging through eight dedicated environment variables defined in [`src/lfx/src/lfx/log/logger.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/log/logger.py): - **`LANGFLOW_LOG_LEVEL`** – Sets the global verbosity (`debug`, `info`, `warning`, `error`) at line 335 in [`src/backend/base/langflow/main.py`](https://github.com/langflow-ai/langflow/blob/main/src/backend/base/langflow/main.py) - **`LANGFLOW_LOG_RETRIEVER_BUFFER_SIZE`** – Controls the in-memory buffer size for the retriever logger at line 140 - **`LANGFLOW_LOG_FILE`** – Specifies the file path for persistent logs at line 236 - **`LANGFLOW_LOG_ENV`** – Defines environment-specific prefixes for log files at line 240 - **`LANGFLOW_LOG_FORMAT`** – Accepts custom Python formatter strings (e.g., `%(asctime)s %(levelname)s`) at line 244 - **`LANGFLOW_PRETTY_LOGS`** – When `true`, enables colorized and human-readable console output at line 285 ## Security and SSRF Protection Security policies are enforced through variables defined in [`src/lfx/src/lfx/utils/ssrf_protection.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/utils/ssrf_protection.py). The `LANGFLOW_SSRF_PROTECTION_ENABLED` toggle (line 16) activates Server-Side Request Forgery protection for the API Request component. When enabled, `LANGFLOW_SSRF_ALLOWED_HOSTS` (line 18) accepts a comma-separated whitelist of hostnames, IPs, or CIDR ranges that the platform is permitted to access. Webhook security is controlled by `LANGFLOW_WEBHOOK_AUTH_ENABLE`, documented in `docs/Flows/webhook.mdx` at lines 93-95. When enabled, webhook endpoints require a valid `x-api-key` header. ## Component Discovery and Feature Flags Custom component loading is handled by `LANGFLOW_COMPONENTS_PATH`, which accepts one or more directories separated by colons (`:`). This variable is processed in [`src/lfx/src/lfx/services/settings/base.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/services/settings/base.py) at lines 561-563, automatically registering any `Component` subclass found in Python files within those paths. Experimental features use the `LANGFLOW_FEATURE_*` prefix pattern, implemented in [`src/lfx/src/lfx/services/settings/feature_flags.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/services/settings/feature_flags.py) at line 8. For example, `LANGFLOW_FEATURE_NEW_UI` would activate a hypothetical new interface. Additional operational variables include: - **`LANGFLOW_OBJECT_STORAGE_BUCKET_NAME`** – Configures the S3/GCS bucket for the Write File component ([`src/lfx/src/lfx/components/files_and_knowledge/save_file.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/components/files_and_knowledge/save_file.py) line 608) - **`LANGFLOW_AGENTIC_EXPERIENCE`** – Toggles the agentic execution engine (default `true`) at line 439 in [`src/lfx/src/lfx/services/settings/base.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/services/settings/base.py) - **`LANGFLOW_CORS_ORIGINS`** – Defines allowed origins for cross-origin requests at line 143 in [`src/backend/base/langflow/main.py`](https://github.com/langflow-ai/langflow/blob/main/src/backend/base/langflow/main.py) - **`LANGFLOW_LANGCHAIN_CACHE`** – Selects the LangChain cache backend (`in_memory`, `redis`) at line 101 in [`src/lfx/src/lfx/interface/utils.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/interface/utils.py) ## How Langflow Loads Configuration Langflow uses **Pydantic's `BaseSettings`** with `model_config = SettingsConfigDict(env_prefix="LANGFLOW_")` in [`src/lfx/src/lfx/services/settings/base.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/services/settings/base.py). All environment variables beginning with `LANGFLOW_` are automatically mapped to attributes of the `Settings` object. This object is instantiated during CLI startup and injected into the dependency-injection container via `get_settings_service`, ensuring consistent configuration access across the application. The architecture follows this flow: operating system environment variables are read by Pydantic, validated against the `Settings` model, and then consumed by the database layer, logging subsystems, and FastAPI application core. ## Practical Configuration Examples ### Local Development with .env Files Create a `.env` file in the project root for local development: ```dotenv LANGFLOW_DEV=true LANGFLOW_API_KEY=sk_test_abcdef123456 LANGFLOW_DATABASE_URL=postgresql://user:pass@localhost:5432/langflow LANGFLOW_LOG_LEVEL=debug LANGFLOW_SSRF_PROTECTION_ENABLED=true LANGFLOW_SSRF_ALLOWED_HOSTS=127.0.0.1,10.0.0.0/8 LANGFLOW_COMPONENTS_PATH=./custom_components LANGFLOW_AUTO_LOGIN=false LANGFLOW_PRETTY_LOGS=true ``` The CLI automatically loads this file via **python-dotenv** when starting `langflow serve`, as implemented in [`src/lfx/src/lfx/cli/commands.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/cli/commands.py). ### Docker and Kubernetes Deployment Override variables at runtime in containerized environments: ```bash docker run -e LANGFLOW_DATABASE_URL=sqlite:///data/langflow.db \ -e LANGFLOW_LOG_LEVEL=info \ -e LANGFLOW_API_KEY=$MY_LANGFLOW_API_KEY \ -e LANGFLOW_CORS_ORIGINS=https://app.example.com \ langflowai/langflow:latest ``` ### Runtime Python Access Access configuration programmatically through the settings service: ```python import os from lfx.services.settings import get_settings_service settings = get_settings_service() print("Database:", settings.LANGFLOW_DATABASE_URL) # Fallback to os.getenv for optional overrides log_level = os.getenv("LANGFLOW_LOG_LEVEL", "error") ``` ### Enabling SSRF Protection Configure SSRF protection to restrict outbound requests from the API Request component: ```dotenv LANGFLOW_SSRF_PROTECTION_ENABLED=true LANGFLOW_SSRF_ALLOWED_HOSTS=api.example.com,10.0.0.0/8,192.168.1.0/24 ``` The protection logic in [`src/lfx/src/lfx/utils/ssrf_protection.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/utils/ssrf_protection.py) will raise an error if components attempt to reach hosts outside this whitelist. ## Summary - **Pydantic-based configuration** in [`src/lfx/src/lfx/services/settings/base.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/services/settings/base.py) automatically parses all `LANGFLOW_*` environment variables at startup. - **Database connectivity** is controlled via `LANGFLOW_DATABASE_URL` with support for PostgreSQL, SQLite, and MySQL, plus a noop mode for CI. - **Security features** include `LANGFLOW_API_KEY` for authentication, `LANGFLOW_SSRF_PROTECTION_ENABLED` for request filtering, and `LANGFLOW_WEBHOOK_AUTH_ENABLE` for webhook verification. - **Component discovery** uses `LANGFLOW_COMPONENTS_PATH` to auto-register custom Python components from external directories. - **Logging granularity** spans from global log levels to custom formatting and colorized output through dedicated environment variables. ## Frequently Asked Questions ### How do I set a custom database URL for Langflow? Set the `LANGFLOW_DATABASE_URL` environment variable to any valid SQLAlchemy connection string. For PostgreSQL, use `postgresql://user:password@host:port/database`. For local file-based storage, use `sqlite:///path/to/database.db`. This is processed in [`src/lfx/src/lfx/services/settings/base.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/services/settings/base.py) at line 484. ### What is the difference between LANGFLOW_API_KEY and LANGFLOW_AUTO_LOGIN? `LANGFLOW_API_KEY` defines the secret token required to authenticate API requests, configured in [`src/lfx/src/lfx/cli/common.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/cli/common.py). `LANGFLOW_AUTO_LOGIN` is a convenience flag for development that automatically creates a superuser session on first browser visit without requiring credentials. When deploying to production, set `LANGFLOW_AUTO_LOGIN=false` and provide a strong `LANGFLOW_API_KEY`. ### How do I enable SSRF protection in Langflow? Set `LANGFLOW_SSRF_PROTECTION_ENABLED=true` and define `LANGFLOW_SSRF_ALLOWED_HOSTS` with a comma-separated list of approved hostnames, IP addresses, or CIDR ranges. This prevents malicious flows from making unauthorized outbound requests to internal networks. The validation logic resides in [`src/lfx/src/lfx/utils/ssrf_protection.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/utils/ssrf_protection.py). ### Can I load custom components from external directories? Yes. Set `LANGFLOW_COMPONENTS_PATH` to one or more directory paths separated by colons (e.g., `/opt/components:/home/user/flows`). Langflow will scan these directories for Python files containing `Component` subclasses and auto-register them at startup. This is handled in [`src/lfx/src/lfx/services/settings/base.py`](https://github.com/langflow-ai/langflow/blob/main/src/lfx/src/lfx/services/settings/base.py) at lines 561-563.