feat(langgraph+lsd): custom encryption at rest #1715
Conversation
Signed-off-by: Connor Braa <cwlbraa@langchain.dev>
|
Mintlify preview ID generated: preview-cwlbra-1764716167-f54d181 |
cwlbraa
changed the title
Signed-off-by: Connor Braa <cwlbraa@langchain.dev>
|
Mintlify preview ID generated: preview-cwlbra-1764792719-f87b160 |
Signed-off-by: Connor Braa <cwlbraa@langchain.dev>
|
Mintlify preview ID generated: preview-cwlbra-1764794852-f512487 |
Signed-off-by: Connor Braa <cwlbraa@langchain.dev>
|
Mintlify preview ID generated: preview-cwlbra-1764797703-084c32f |
Signed-off-by: Connor Braa <cwlbraa@langchain.dev>
|
Mintlify preview ID generated: preview-cwlbra-1764798277-4b07aa7 |
Signed-off-by: Connor Braa <cwlbraa@langchain.dev>
cwlbraa
force-pushed
the
cwlbraa/custom-encryption-LSD-172
branch
from
3333def to
c7ee0d8
Compare
|
Mintlify preview ID generated: preview-cwlbra-1764809607-03baa36 |
jdrogers940
left a comment
jdrogers940
left a comment
There was a problem hiding this comment.
Nice! These docs look really good. Proposed some high level restructuring but content and examples themselves look awesome.
Signed-off-by: Connor Braa <cwlbraa@langchain.dev>
|
Mintlify preview ID generated: preview-cwlbra-1764876311-58b2b83 |
Signed-off-by: Connor Braa <cwlbraa@langchain.dev>
|
Mintlify preview ID generated: preview-cwlbra-1764876531-3e7042f |
| sidebarTitle: Encryption at-rest | ||
| --- | ||
|
|
||
| LangGraph Platform supports encryption at-rest for checkpoint data and metadata. You can choose between basic encryption with a single key or custom encryption for advanced use cases. |
There was a problem hiding this comment.
| LangGraph Platform supports encryption at-rest for checkpoint data and metadata. You can choose between basic encryption with a single key or custom encryption for advanced use cases. | |
| Agent Server supports encryption at-rest for checkpoint data and metadata. You can choose between basic encryption with a single key or custom encryption for advanced use cases. |
| LangGraph Platform supports encryption at-rest for checkpoint data and metadata. You can choose between basic encryption with a single key or custom encryption for advanced use cases. | ||
|
|
||
| <Note> | ||
| Encryption at-rest is available for LangGraph Platform deployments (Python graphs only). |
There was a problem hiding this comment.
nit: This is in the Deployments section so I would just call out the python piece. Also the API version needed similar to here: https://docs.langchain.com/langsmith/custom-lifespan#how-to-add-custom-lifespan-events
| | Method | What's encrypted | Use case | | ||
| |--------|------------------|----------| | ||
| | **Basic encryption** | Checkpoint blobs only | Single static key, automatic AES encryption | | ||
| | **Custom encryption** | Checkpoints + JSON fields | Per-tenant keys, KMS integration, selective field encryption | |
There was a problem hiding this comment.
| | **Custom encryption** | Checkpoints + JSON fields | Per-tenant keys, KMS integration, selective field encryption | | |
| | **Custom encryption** | Checkpoints, threads, runs, assistants and crons | Per-tenant keys, KMS integration, selective field encryption | |
Or something else to show these resources. JSON fields feels too vague.
There was a problem hiding this comment.
the "metadata" ambiguity is brutal. i think naming the models, as you've suggested, instead of naming the fields is probably best here, but it's also annoyingly vague.
Signed-off-by: Connor Braa <cwlbraa@langchain.dev>
|
Mintlify preview ID generated: preview-cwlbra-1764890947-a18454a |
**Description:** This PR adds the Python SDK types necessary for langgraph platform users to inject their own custom encryption-at-rest functions. See [docs PR](langchain-ai/docs#1715) for more details. note: this PR adds a starlette dev dependency so that custom encryption can access BaseUser information. **Issue:** required for LSD-172 **Dependencies:** - [depended upon by associated langgraph-api changes](langchain-ai/langgraph-api#1773 PR must merge before that one) - [docs PR](langchain-ai/docs#1715) **TODO:** - [x] move docs to docs repo - [x] bump package versions before merge --------- Signed-off-by: Connor Braa <cwlbraa@langchain.dev> Co-authored-by: Claude <noreply@anthropic.com>
katmayb
left a comment
katmayb
left a comment
There was a problem hiding this comment.
lgtm from a docs pov, just need to make sure to update the references to LGP.
| LangGraph Platform supports encryption at-rest for checkpoint data and metadata. You can choose between basic encryption with a single key or custom encryption for advanced use cases. | ||
|
|
||
| <Note> | ||
| Encryption at-rest is available for LangGraph Platform deployments (Python graphs only). |
There was a problem hiding this comment.
| Encryption at-rest is available for LangGraph Platform deployments (Python graphs only). | |
| Encryption at-rest is available for Agent Server deployments (Python graphs only). |
Or LangSmith deployments?
Overview
This PR documents new SDK annotations for injecting custom encryption at rest handlers in langsmith deployments.
Type of change
Type: New documentation page
Related issues/PRs
langchain-ai/langgraph#6482
https://github.com/langchain-ai/langgraph-api/pull/1773
Checklist
docs devsrc/docs.jsonif needed(Internal team members only / optional): Create a preview deployment as necessary using the Create Preview Branch workflow
Additional notes