At debug log level API requests to OpenAI get logged with all headers, including an API key, in plaintext  #1196

@kives-nu

Confirm this is an issue with the Python library and not an underlying OpenAI API

  • This is an issue with the Python library

Describe the bug

When sending a request using the library, line 439 of /openai/openai-python/blob/main/src/openai/_base_client.py will log all request headers in plain text, including API keys.

While I understand this only happens in debug logging level, it still feels like a potential security issue. These logs should probably be filtered to remove this sensitive header.

To Reproduce

  1. Run an application with DEBUG log level that communicates with OpenAI using an API key
  2. Observe that the API key is printed in the logs in plain text

Code snippets

if log.isEnabledFor(logging.DEBUG):
    log.debug("Request options: %s", model_dump(options, exclude_unset=True))

OS

macOS

Python version

Python 3.11.6

Library version

openai v1.3.7
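
An added example (not code from the openai-python project or from the issue author): a standard-library `logging.Filter` that masks credential-bearing headers in log arguments, so a DEBUG record shaped like the one described above no longer carries the key. The header list, the `redaction_demo` logger name and the sample options dict are assumptions constructed for illustration.

```python
import io
import logging
from collections.abc import Mapping

# Header names treated as secrets (assumed list; extend for your deployment).
SENSITIVE_HEADERS = {"authorization", "api-key", "x-api-key", "proxy-authorization", "cookie"}
REDACTED = "<redacted>"


def redact(value):
    """Return a copy of value with sensitive header values masked, at any depth."""
    if isinstance(value, Mapping):
        return {
            k: REDACTED if str(k).lower() in SENSITIVE_HEADERS else redact(v)
            for k, v in value.items()
        }
    if isinstance(value, (list, tuple)):
        return type(value)(redact(v) for v in value)
    return value


class RedactHeadersFilter(logging.Filter):
    """Mask secret headers in log arguments before any handler formats them."""
    def filter(self, record):
        # logging unwraps a single dict argument, so args may be a Mapping or a tuple.
        if isinstance(record.args, Mapping):
            record.args = redact(record.args)
        elif record.args:
            record.args = tuple(redact(a) for a in record.args)
        return True  # keep the record; only its arguments change


def demo():
    """Emit a constructed debug record shaped like the one in the issue."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    # Attach to the handler: logger-level filters do not run for child loggers.
    handler.addFilter(RedactHeadersFilter())
    log = logging.getLogger("redaction_demo")  # hypothetical logger name
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.addHandler(handler)
    options = {  # constructed sample, not real library output
        "method": "post", "url": "/chat/completions",
        "headers": {"Authorization": "Bearer sk-EXAMPLE-NOT-A-KEY", "Content-Type": "application/json"},
    }
    log.debug("Request options: %s", options)
    log.removeHandler(handler)
    return stream.getvalue()
```

The filter replaces the record's arguments with a redacted copy, so the caller's own options dict is left unmodified and the request still carries its real headers.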

Labels: bug, sdk