Confirm this is an issue with the Python library and not an underlying OpenAI API
Describe the bug
When sending a request using the library, line 439 of
/openai/openai-python/blob/main/src/openai/_base_client.py
Will log all request headers in plain text, including API keys.
While I understand this only happens in debug logging level, it still feels like a potential security issue. These logs should probably be filtered to remove this sensitive header.
To Reproduce
- Run an application with DEBUG log level that communicates with OpenAI using an API key
- Observe that the API key is printed in the logs in plain text
Code snippets
if log.isEnabledFor(logging.DEBUG):
log.debug("Request options: %s", model_dump(options, exclude_unset=True))OS
macOS
Python version
Python 3.11.6
Library version
openai v1.3.7
Confirm this is an issue with the Python library and not an underlying OpenAI API
Describe the bug
When sending a request using the library, line 439 of
/openai/openai-python/blob/main/src/openai/_base_client.py
Will log all request headers in plain text, including API keys.
While I understand this only happens in debug logging level, it still feels like a potential security issue. These logs should probably be filtered to remove this sensitive header.
To Reproduce
Code snippets
OS
macOS
Python version
Python 3.11.6
Library version
openai v1.3.7