Skip to main content
LangChain reads provider credentials from environment variables or constructor arguments. The recommended setup: run the chain under authsome’s proxy and let LangChain’s SDKs read the placeholder env vars unchanged.

Run the whole chain under the proxy

authsome login openai
authsome login github
authsome run -- python my_chain.py
LangChain SDKs read placeholder env vars (OPENAI_API_KEY=authsome-proxy-managed) and initialize. The proxy substitutes the real key for outbound HTTPS to api.openai.com, api.github.com, and other matched hosts. No code changes to your chain.

Tools that call out to providers

Many LangChain tools (GitHubToolkit, SerpAPIWrapper, BraveSearch, etc.) read their secret from an env var. With the proxy already wrapping the process, the existing wrappers just work:
from langchain_community.utilities import SerpAPIWrapper

# reads SERPAPI_API_KEY from env, which is the proxy placeholder
search = SerpAPIWrapper()
For tools that authsome doesn’t bundle, add a custom provider so the proxy can match by host.

Export when the proxy is not enough

If you’re building a larger orchestrator around LangChain and need to pass tokens explicitly (different connection per call, or TLS-pinned SDKs that bypass the proxy), export credentials first:
eval "$(authsome export openai --format env)"
eval "$(authsome export github --format env)"
Then construct LangChain clients as usual — they read the exported env vars.

Async clients

AsyncChatOpenAI and other async wrappers work identically under authsome run.

Multi-account workflows

eval "$(authsome export github --connection work --format env)"
eval "$(authsome export github --connection personal --format env)"
See Multiple connections per provider.

What’s next

Python library

The full library surface.

OpenAI integration

Set up the OpenAI key LangChain will use.