Skip to content

Security

Lango provides multiple layers of security to protect sensitive data flowing between users, agents, and AI providers.

Security Layers

Layer Purpose Details
Encryption & Secrets Protect data at rest and in transit AES-256-GCM encryption, key registry, secret management
PII Redaction Strip personal information before it reaches AI providers Regex patterns + optional NER via Microsoft Presidio
Tool Approval Control which tools agents can execute Policy-based approval workflows with channel notifications
Authentication Secure gateway access OIDC login flow, session management, CORS controls

Architecture

graph LR
    User -->|input| Interceptor
    Interceptor -->|PII redacted| Agent
    Agent -->|tool call| Approval[Tool Approval]
    Approval -->|approved| Tool
    Tool -->|secret ref| RefStore[Secret RefStore]
    RefStore -->|resolved| Execution
    Agent -->|output| Scanner[Output Scanner]
    Scanner -->|secrets masked| User

The security interceptor sits between the user and the AI agent. It:

  1. Redacts PII from user input before forwarding to the AI provider
  2. Gates tool execution behind an approval workflow for sensitive operations
  3. Scans agent output to replace any leaked secret values with [SECRET:name] placeholders

Enable the Interceptor

The security interceptor is disabled by default. Enable it in your configuration:

Settings: lango settings → Security

{
  "security": {
    "interceptor": {
      "enabled": true,
      "redactPii": true,
      "approvalPolicy": "dangerous"
    }
  }
}

Encryption Modes

Lango supports two encryption modes depending on your deployment:

  • Local Mode (default) -- AES-256-GCM with passphrase-derived keys via PBKDF2. Suitable for development and single-user setups.
  • RPC Mode (production) -- Delegates cryptographic operations to a hardware-backed companion app or external signer. Keys never leave secure hardware.

See Encryption & Secrets for full details.

  • Encryption & Secrets -- Key derivation, secret storage, output scanning, companion app
  • PII Redaction -- Builtin patterns, custom regex, Presidio integration
  • Tool Approval -- Approval policies, sensitive/exempt tools, notifications
  • Authentication -- OIDC providers, session management, CORS configuration