Skip to content

avp-protocol/langchain-avp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.github/workflows
.github/workflows
 
 
src/langchain_avp
src/langchain_avp
 
 
tests
tests
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation

AVP Shield

langchain-avp

LangChain secret manager integration for AVP
Drop-in replacement · All LLM providers · Hardware security

PyPI CI License

Overview

langchain-avp provides AVP integration for LangChain. Replace insecure .env files with hardware-grade credential storage — no code changes required.

Installation

pip install langchain-avp

Quick Start

Before (insecure .env)

from langchain_anthropic import ChatAnthropic
import os

# ❌ API key in plaintext .env file
llm = ChatAnthropic(api_key=os.environ["ANTHROPIC_API_KEY"])

After (secure AVP vault)

from langchain_anthropic import ChatAnthropic
from langchain_avp import AVPSecretManager

# ✅ API key in hardware-secured vault
secrets = AVPSecretManager("avp.toml")
llm = ChatAnthropic(api_key=secrets.get("anthropic_api_key"))

Automatic Environment Loading

Load all secrets into environment variables at startup:

from langchain_avp import load_secrets

# Load secrets into os.environ
load_secrets("avp.toml", [
    "ANTHROPIC_API_KEY",
    "OPENAI_API_KEY",
    "PINECONE_API_KEY",
])

# Now use LangChain normally — it reads from environment
from langchain_anthropic import ChatAnthropic
llm = ChatAnthropic()  # Automatically uses ANTHROPIC_API_KEY

Migration from .env

# Step 1: Import existing .env into AVP
avp import .env --backend keychain

# Step 2: Update your code
# Replace: load_dotenv()
# With:    from langchain_avp import load_secrets; load_secrets("avp.toml")

# Step 3: Delete insecure .env file
rm .env

Provider-Specific Examples

Anthropic

from langchain_anthropic import ChatAnthropic
from langchain_avp import AVPSecretManager

secrets = AVPSecretManager("avp.toml")
llm = ChatAnthropic(api_key=secrets.get("anthropic_api_key"))

OpenAI

from langchain_openai import ChatOpenAI
from langchain_avp import AVPSecretManager

secrets = AVPSecretManager("avp.toml")
llm = ChatOpenAI(api_key=secrets.get("openai_api_key"))

Multiple Providers

from langchain_avp import AVPSecretManager

secrets = AVPSecretManager("avp.toml")

anthropic_llm = ChatAnthropic(api_key=secrets.get("anthropic_api_key"))
openai_llm = ChatOpenAI(api_key=secrets.get("openai_api_key"))
pinecone = Pinecone(api_key=secrets.get("pinecone_api_key"))

Backend Selection

from langchain_avp import AVPSecretManager, Backend

# OS Keychain (recommended)
secrets = AVPSecretManager(backend=Backend.KEYCHAIN)

# Hardware secure element (maximum security)
secrets = AVPSecretManager(backend=Backend.HARDWARE)

# Remote vault (team environments)
secrets = AVPSecretManager(
    backend=Backend.REMOTE,
    url="https://vault.company.com"
)

With LangChain Agents

from langchain.agents import initialize_agent
from langchain_avp import AVPSecretManager

secrets = AVPSecretManager("avp.toml")

# All tool credentials from AVP
tools = [
    SerpAPIWrapper(serpapi_api_key=secrets.get("serpapi_key")),
    WikipediaQueryRun(),
]

agent = initialize_agent(
    tools=tools,
    llm=ChatAnthropic(api_key=secrets.get("anthropic_api_key")),
)

Security Comparison

Method Infostealer Git Leak Host Compromise
.env file
Environment vars
AVP Keychain
AVP Hardware

Contributing

See CONTRIBUTING.md.

License

Apache 2.0 — see LICENSE.

AVP Specification · LangChain

About

LangChain integration for AVP - Replace .env with hardware-secured credentials

avp-protocol.github.io/website/docs/langchain.html

Topics

ai-agents avp credential-management llm langchain

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages