openai-python

At debug log level API requests to OpenAI get logged with all headers, including an API key, in plaintext

Open kives-nu opened this issue 1 year ago • 2 comments

Confirm this is an issue with the Python library and not an underlying OpenAI API

  • [X] This is an issue with the Python library

Describe the bug

When sending a request using the library, line 439 of /openai/openai-python/blob/main/src/openai/_base_client.py will log all request headers in plain text, including API keys.

While I understand this only happens in debug logging level, it still feels like a potential security issue. These logs should probably be filtered to remove this sensitive header.

To Reproduce

  1. Run an application with DEBUG log level that communicates with OpenAI using an API key
  2. Observe that the API key is printed in the logs in plain text

Code snippets

if log.isEnabledFor(logging.DEBUG):
    log.debug("Request options: %s", model_dump(options, exclude_unset=True))

OS

macOS

Python version

Python 3.11.6

Library version

openai v1.3.7

kives-nu, Feb 26 '24 20:02
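
One way to mitigate this on the application side, as an added example that is not part of the issue or of openai-python's own code: a `logging.Filter` attached to the log handler that masks sensitive header values before the record is formatted. The logger name, the list of header names and the sample request options are assumptions constructed for illustration.

```python
import io
import logging
from collections.abc import Mapping

# Header names treated as secrets (an assumed list; extend it for your environment).
SENSITIVE = {"authorization", "proxy-authorization", "api-key", "x-api-key", "cookie"}
MASK = "<redacted>"


def redact(value):
    """Return a copy of value with sensitive mapping entries masked (no mutation)."""
    if isinstance(value, Mapping):
        return {
            k: MASK if isinstance(k, str) and k.lower() in SENSITIVE else redact(v)
            for k, v in value.items()
        }
    if isinstance(value, list):
        return [redact(v) for v in value]
    if isinstance(value, tuple):
        return tuple(redact(v) for v in value)
    return value


class RedactHeaders(logging.Filter):
    """Handler-level filter that masks secrets in log arguments before formatting."""

    def filter(self, record):
        # logging unwraps a lone dict argument, so args may be a dict or a tuple.
        if record.args:
            record.args = redact(record.args)
        return True


def demo():
    """Log constructed request options through the filter; return output and input."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    handler.addFilter(RedactHeaders())  # handler filters also see child-logger records
    log = logging.getLogger("demo.client")  # hypothetical logger name
    log.setLevel(logging.DEBUG)
    log.propagate = False
    log.addHandler(handler)
    options = {  # constructed sample shaped like dumped request options
        "method": "post",
        "headers": {"Authorization": "Bearer sk-CONSTRUCTED", "X-Trace": "1"},
    }
    log.debug("Request options: %s", options)
    log.removeHandler(handler)
    return stream.getvalue(), options
```

The filter only masks values stored under the listed keys in the log arguments; a secret already interpolated into the message string passes through unchanged.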

:+1: I was very surprised to find this.

stdweird, Feb 29 '24 13:02

Also reported as #1082

artdent, Mar 08 '24 18:03