Minimum versions
Profile support is available in the following releases:Profile file location
By default, SDKs look for a profile file at:LANGSMITH_CONFIG_FILE:
Create a profile file
Create~/.langsmith/config.json with a profiles object. Each profile can define:
Select a profile
SDKs select profiles in this order:LANGSMITH_PROFILE, if set.current_profilein the profile file, if set.- A profile named
default, if present.
--profile flag, which takes precedence over LANGSMITH_PROFILE for that command:
Manage profiles with the CLI
Use the LangSmith CLI to create, inspect, switch, and delete profiles without editing the JSON file by hand. To create an API-key profile from an existing API key:
Use
--format pretty for human-readable tables:
Authenticate with langsmith auth login
Run langsmith auth login to authenticate with OAuth instead of manually creating an API-key profile. The command starts a browser-based device authorization flow, stores OAuth tokens in the selected profile, and sets that profile as current.
langsmith auth login currently supports LangSmith Cloud (SaaS) only. For self-hosted or other non-SaaS LangSmith endpoints, create an API-key profile instead.--profile or LANGSMITH_PROFILE:
langsmith auth login chooses the profile name in this order:
--profile, if passed.LANGSMITH_PROFILE, if set.current_profilein the profile file, if set.default.
--api-url, if passed.LANGSMITH_ENDPOINT, if set.- The selected profile’s
api_url, if present. - The default LangSmith Cloud endpoint.
Override profile values
Explicit client constructor arguments and environment variables take precedence over profile values.
The older
LANGCHAIN_API_KEY, LANGCHAIN_ENDPOINT, and LANGCHAIN_WORKSPACE_ID aliases still work, but prefer the LANGSMITH_* names for new configuration.
If a profile contains both oauth.access_token and api_key, SDKs use the OAuth access token first. If an OAuth refresh token is present and the access token is expired or close to expiring, SDKs can refresh the token and write the updated token fields back to the profile file.
If you mount a profile file as read-only, OAuth token refresh cannot persist updated tokens. Read-only mounts are appropriate for API-key profiles. Use a writable mount only when you intentionally rely on OAuth token refresh.
Use profiles in code
When the profile file is present, create the client normally:Mount profiles in remote runtimes
For remote runtimes, mount the profile file as a secret file and setLANGSMITH_CONFIG_FILE to the mounted path. Do not copy the file into the image or repository.
Docker
Mount your local profile directory into the container:Kubernetes
Create a Kubernetes secret from the profile file:Remote development and CI
In remote development environments or CI jobs, store the profile JSON in the platform’s secret store, write it to a temporary file at runtime, and setLANGSMITH_CONFIG_FILE to that file path.
Connect these docs to Claude, VSCode, and more via MCP for real-time answers.

