Skip to main content
LangSmith SDK profiles let you keep API keys, endpoints, and workspace IDs in a reusable JSON file instead of setting the same environment variables in every shell session. Use profiles when you switch between LangSmith Cloud regions, self-hosted instances, or workspaces often, or when you want a remote runtime to load the same SDK configuration from a mounted file.
Profile files can contain API keys and OAuth refresh tokens. Do not commit them to source control, bake them into container images, or print them in logs. Store and mount them with the same care as other credentials.

Minimum versions

Profile support is available in the following releases:

Profile file location

By default, SDKs look for a profile file at:
To use a different path, set LANGSMITH_CONFIG_FILE:
The TypeScript SDK only loads profiles in Node.js-like runtimes. Browser and web worker runtimes do not have filesystem access, so pass configuration explicitly in those environments.

Create a profile file

Create ~/.langsmith/config.json with a profiles object. Each profile can define:
Restrict the file so only your user can read it:

Select a profile

SDKs select profiles in this order:
  1. LANGSMITH_PROFILE, if set.
  2. current_profile in the profile file, if set.
  3. A profile named default, if present.
For example:
The LangSmith CLI also accepts a global --profile flag, which takes precedence over LANGSMITH_PROFILE for that command:

Manage profiles with the CLI

Use the LangSmith CLI to create, inspect, switch, and delete profiles without editing the JSON file by hand. To create an API-key profile from an existing API key:
You can also pass the key and endpoint as flags. Prefer environment variables on shared machines, because shell history may record command flags.
Common profile commands: Use --format pretty for human-readable tables:

Authenticate with langsmith auth login

Run langsmith auth login to authenticate with OAuth instead of manually creating an API-key profile. The command starts a browser-based device authorization flow, stores OAuth tokens in the selected profile, and sets that profile as current.
langsmith auth login currently supports LangSmith Cloud (SaaS) only. For self-hosted or other non-SaaS LangSmith endpoints, create an API-key profile instead.
Choose the profile with --profile or LANGSMITH_PROFILE:
For a headless environment, suppress automatic browser opening and pass a workspace ID:
langsmith auth login chooses the profile name in this order:
  1. --profile, if passed.
  2. LANGSMITH_PROFILE, if set.
  3. current_profile in the profile file, if set.
  4. default.
It chooses the API URL in this order:
  1. --api-url, if passed.
  2. LANGSMITH_ENDPOINT, if set.
  3. The selected profile’s api_url, if present.
  4. The default LangSmith Cloud endpoint.
After login, the CLI and SDKs can use the saved profile. The CLI refreshes OAuth tokens when needed and writes refreshed token fields back to the profile file. SDKs also use the OAuth access token from the profile when environment or constructor API-key auth is not set.

Override profile values

Explicit client constructor arguments and environment variables take precedence over profile values. The older LANGCHAIN_API_KEY, LANGCHAIN_ENDPOINT, and LANGCHAIN_WORKSPACE_ID aliases still work, but prefer the LANGSMITH_* names for new configuration. If a profile contains both oauth.access_token and api_key, SDKs use the OAuth access token first. If an OAuth refresh token is present and the access token is expired or close to expiring, SDKs can refresh the token and write the updated token fields back to the profile file.
If you mount a profile file as read-only, OAuth token refresh cannot persist updated tokens. Read-only mounts are appropriate for API-key profiles. Use a writable mount only when you intentionally rely on OAuth token refresh.

Use profiles in code

When the profile file is present, create the client normally:
To override a profile in code, pass the value explicitly:

Mount profiles in remote runtimes

For remote runtimes, mount the profile file as a secret file and set LANGSMITH_CONFIG_FILE to the mounted path. Do not copy the file into the image or repository.

Docker

Mount your local profile directory into the container:
Use a read-write mount only when the profile uses OAuth refresh tokens:

Kubernetes

Create a Kubernetes secret from the profile file:
Mount the secret and point the SDK to it:
Kubernetes secret volumes are read-only. Use API-key profiles for this pattern, or use a writable secret-sync mechanism if your OAuth profile must refresh and persist tokens.

Remote development and CI

In remote development environments or CI jobs, store the profile JSON in the platform’s secret store, write it to a temporary file at runtime, and set LANGSMITH_CONFIG_FILE to that file path.
For hosted LangSmith Cloud, configure these values as environment variables or workspace secrets unless the platform explicitly supports mounting secret files.