Advanced14 min

Security & Lifecycle: Encryption, TTL, and Backend Selection

Decide whether you need checkpoint encryption or TTL, configure them correctly (including the actual JSON field names), harden serialization against CVE-2025-64439, choose from the real set of checkpointer backends, and plan for the failure modes that matter: key loss, silent misconfiguration, and deserialization RCE.

Quick Reference

→EncryptedSerializer wraps any checkpointer with AES-256 — reads LANGGRAPH_AES_KEY from env, one line to enable
→Set LANGGRAPH_STRICT_MSGPACK=true in production — blocks deserialization RCE (CVE-2025-64439, CVE-2026-28277)
→TTL uses a single default_ttl field (not separate thread/checkpoint fields) — Agent Server only, not self-hosted
→Two TTL strategies: delete (remove threads entirely) and keep_latest (retain most recent checkpoint per thread)
→Agent Server supports 2 built-in backends: postgres (default) and mongo — all others are self-hosted custom checkpointers
→langgraph-checkpoint-aws v1.0.7 provides 4 savers: DynamoDBSaver, ValkeySaver, AgentCoreMemorySaver, AgentCoreValkeySaver

Do You Need Encryption or TTL?

Most dev and prototype setups need neither. Encryption matters when checkpoints contain PII, PHI, or financial data that must be protected at rest. TTL matters when you accumulate more threads than you can manage manually — roughly more than 100/day in a production deployment. If neither applies, skip to backend selection.

Decide before you build: most dev setups need neither

When NOT to encrypt

Skip encryption for: (1) development environments — it adds latency and complicates debugging with no security benefit, (2) latency-critical hot paths where AES overhead on large state objects matters, (3) ephemeral in-memory checkpointers where data never hits disk.

When NOT to configure TTL

Skip Agent Server TTL for: (1) prototyping or fixed-thread-count systems, (2) self-hosted checkpointers where you manage retention at the database layer (PostgreSQL partition expiry, MongoDB TTL indexes, Redis key expiry), (3) systems where you need complete audit history indefinitely.

Checkpoint Encryption with AES-256

EncryptedSerializer wraps the default JsonPlusSerializer with AES-256 encryption. Checkpoint data is encrypted before it hits your database — decrypted transparently on read. On Agent Server, set LANGGRAPH_AES_KEY and encryption is automatic. For self-hosted checkpointers, pass the serializer explicitly.

Serialization Security: The CVE You Must Know

Encrypting checkpoints at rest doesn't protect against malicious checkpoint payloads at read time. JsonPlusSerializer's pickle fallback enables remote code execution (RCE) when an attacker can write crafted data to your checkpoint store. CVE-2025-64439 documents RCE via the JSON fallback mode of JsonPlusSerializer. CVE-2026-28277 documents unsafe msgpack deserialization. Both are patched in langgraph-checkpoint ≥ 3.0, but the mitigation you must also apply is setting a strict deserialization mode.

Sign in to read this article

This is a premium article. Sign in with your Google account to continue.