Describe the feature
References:
Currently, Bedrock API Key authentication works only via the environment variable:
AWS_BEARER_TOKEN_BEDROCK
This means boto3 does not allow passing the Bedrock API Key directly to:
boto3.Session()
boto3.client()
Unlike aws_access_key_id and aws_secret_access_key, the Bedrock API key cannot be scoped per session or client instance.
Use Case
In multi-tenant or concurrent systems:
- Each tenant may have a different Bedrock API Key
- Requests are processed in parallel
- Environment variables are global to the process
Using os.environ to switch keys per request is unsafe and may cause:
- Credential leakage between tenants
- Race conditions in async or threaded environments
- Broken isolation guarantees
Per-session credential injection is required for safe multi-tenant usage.
Proposed Solution
Add support for explicitly passing the Bedrock API Key to:
boto3.Session(aws_bearer_token_bedrock="...")
or
boto3.client("bedrock-runtime", aws_bearer_token_bedrock="...")Credential precedence should follow standard boto3 behavior:
Explicit parameter > Environment variable > Config file
This would align Bedrock API Key handling with boto3’s existing credential model and enable safe per-client isolation.
Other Information
The langchain-aws package recently introduced a bedrock_api_key parameter.
However, the current implementation simply maps the provided key to the environment variable:
os.environ["AWS_BEARER_TOKEN_BEDROCK"] = bedrock_api_key.get_secret_value()
This does not provide true per-client or per-request isolation. It only automates setting a global environment variable.
Because os.environ mutates process-wide state:
- The API key is shared across all threads and async tasks
- Concurrent requests can overwrite each other’s credentials
- It remains unsafe for multi-tenant systems
- It does not align with boto3’s session-based credential model
This limitation originates from the fact that boto3 currently only reads the Bedrock API Key from environment variables, rather than supporting explicit session/client-level configuration.
Acknowledgements
SDK version used
boto3: 1.42.51 botocore: 1.42.51
Environment details (OS name and version, etc.)
OS: Ubuntu 22.04.5 LTS (Jammy Jellyfish)
Describe the feature
References:
langchain-ai/langchain-aws#841
langchain-ai/langchain-aws#849
langchain-ai/langchain-aws#849 (comment)
Currently, Bedrock API Key authentication works only via the environment variable:
AWS_BEARER_TOKEN_BEDROCK
This means boto3 does not allow passing the Bedrock API Key directly to:
boto3.Session()
boto3.client()
Unlike aws_access_key_id and aws_secret_access_key, the Bedrock API key cannot be scoped per session or client instance.
Use Case
In multi-tenant or concurrent systems:
Using os.environ to switch keys per request is unsafe and may cause:
Per-session credential injection is required for safe multi-tenant usage.
Proposed Solution
Add support for explicitly passing the Bedrock API Key to:
or
Credential precedence should follow standard boto3 behavior:
This would align Bedrock API Key handling with boto3’s existing credential model and enable safe per-client isolation.
Other Information
The langchain-aws package recently introduced a bedrock_api_key parameter.
However, the current implementation simply maps the provided key to the environment variable:
This does not provide true per-client or per-request isolation. It only automates setting a global environment variable.
Because os.environ mutates process-wide state:
This limitation originates from the fact that boto3 currently only reads the Bedrock API Key from environment variables, rather than supporting explicit session/client-level configuration.
Acknowledgements
SDK version used
boto3: 1.42.51 botocore: 1.42.51
Environment details (OS name and version, etc.)
OS: Ubuntu 22.04.5 LTS (Jammy Jellyfish)