Mistral API keys being leaked with `LangChain Code` node

miguel-mconf · April 18, 2024, 10:01pm

Describe the problem/error/question

I’m able to leak my Mistral API keys, using the LangChain Code node, when they should be private:

Please share your workflow

Share the output returned by the last node

Information on your n8n setup

n8n version: 1.38.1
Database (default: SQLite): SQLite
n8n EXECUTIONS_PROCESS setting (default: own, main): own
Running n8n via (Docker, npm, n8n cloud, desktop app): k8s
Operating system: ubuntu

mariana-na · May 1, 2024, 12:04pm

Hey @miguel-mconf

Thank you so much for pointing this out!

I raised the Langchain Code bug from your other post with our Nodes engineers, and I’ve added this issue in it as well!

mariana-na · July 16, 2024, 11:47am

Hi @miguel-mconf ,

Just a small update here. Our team looked into this and it turns out it’s an issue coming from Langchain and not n8n.
The way Langchain is implemented for the Mistral model is not protecting the API keys properly, even though it does so for other models, like the OpenAi one, for example.

mariana-na · August 28, 2024, 7:14am

Hi @miguel-mconf,

Good news! Our engineering team reached out to Langchain about his issue and they have implemented a quick fix
This will be out with the next release from Langchain and we will keep an eye out to update our node then!

system · November 26, 2024, 7:14am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.