Security 🔐

ChainForge is one of the only prompt engineering tools that allows you to encrypt your flows and settings. When running locally, ChainForge allows you to encrypt all locally-saved files via:

chainforge serve --secure {off, settings, all}

Where the options are:

• off: no encryption (default)
• settings: encrypts only the global settings config (e.g., API keys)
• all: encrypts all config files and locally saved flows

When running in --secure mode, ChainForge will ask you for a one-time password:

Welcome to ChainForge! We've noticed you are entering secure mode for the first time. Please enter a password to encrypt your flows and settings. Prepare to enter it again whenever you start ChainForge in secure mode.

Create new password: 
Confirm password: 
✅ Password set.

and thereafter when running in --secure mode you will be asked to login with that password:

🔐 Enter password: [...]
✅ Password verified.

Encrypted files are stored with an .enc extension.

Warning

If you forget your password, you will not be able to access your saved flows or settings. Make sure to remember it or store it in a secure password manager.

Encrypted flows show up in the Saved Flows sidebar with a lock icon:

To see where ChainForge is storing your files, check the bottom of the Saved Flows sidebar (top-left button). You can also specify a location via --dir option when running chainforge serve (e.g., --dir /path/to/dir).

Note that the "Export" and "Import" buttons in the UI will still import/export only unencrypted files. This is to retain the ability to share flows with others. What is encrypted is all files stored in your Saved Flows directory.

Note

Passwords are stored in a hashed format, so they are not recoverable. If you forget your password and want to make a new one, you will need to delete the salt.bin file in the Saved Flows directory and start over.