| DC1 | API credentials | `x-api-key` header, `LANGGRAPH_API_KEY`, `LANGSMITH_API_KEY`, `LANGCHAIN_API_KEY` env vars | Critical | Environment variables, HTTP headers in transit | N/A (in-memory) | Session lifetime | All — breach trigger |
| DC2 | Encryption keys | `LANGGRAPH_AES_KEY` env var, key parameter to `from_pycryptodome_aes()` | Critical | Environment variable, in-memory | N/A | Application lifetime | All — breach trigger |
| DC3 | Serialized graph state | Checkpoint data in `checkpoints` and `writes` tables (msgpack/JSON/pickle bytes) | High | PostgreSQL (BYTEA), SQLite (BLOB) | Optional via `EncryptedSerializer` or SDK Encryption Handlers | Unbounded (no default TTL) | GDPR if state contains PII |
| DC4 | Store key-value data | User-stored items in store tables via `BaseStore` | High | PostgreSQL, SQLite | No (plaintext JSON); optional via SDK Encryption Handlers | Configurable TTL, default unbounded | GDPR if contains PII |
| DC5 | Checkpoint metadata | `thread_id`, `checkpoint_ns`, `run_id`, `step`, `source` | Medium | PostgreSQL, SQLite (`metadata` JSONB/JSON column) | No | Same as DC3 | Minimal |
| DC6 | Agent conversation history | LangChain messages (`HumanMessage`, `AIMessage`, `ToolMessage`) serialized in checkpoint state | High | PostgreSQL, SQLite (within DC3 checkpoint bytes) | Only if DC3 encrypted | Unbounded | GDPR, CCPA if contains user PII |
| DC7 | Connection strings | PostgreSQL URIs, SQLite file paths passed to `from_conn_string()` | Critical | Application code, environment variables | N/A (in-memory) | Application lifetime | All — may contain credentials |
| DC8 | Vector embeddings | Document embeddings in `store_vectors` table | Low | PostgreSQL (pgvector), SQLite (vec extension) | No | Same as DC4 | Minimal |
| DC9 | SDK Encryption context metadata | `EncryptionContext.metadata` dict passed to encryption handlers | Medium | In-memory per request; persisted with encrypted data | N/A (context, not payload) | Request lifetime + persistence alongside encrypted data | Depends on content |