At debug log level API requests to OpenAI get logged with all headers, including an API key, in plaintext

[kives-nu]

Confirm this is an issue with the Python library and not an underlying OpenAI API

• This is an issue with the Python library

Describe the bug

When sending a request using the library, line 439 of

/openai/openai-python/blob/main/src/openai/_base_client.py

Will log all request headers in plain text, including API keys.

While I understand this only happens in debug logging level, it still feels like a potential security issue. These logs should probably be filtered to remove this sensitive header.

To Reproduce

1. Run an application with DEBUG log level that communicates with OpenAI using an API key
2. Observe that the API key is printed in the logs in plain text

Code snippets

if log.isEnabledFor(logging.DEBUG):
      log.debug("Request options: %s", model_dump(options, exclude_unset=True))

OS

macOS

Python version

Python 3.11.6

Library version

openai v1.3.7

[stdweird]

👍 i was very surprised to find this.

[artdent]

Also reported as #1082