[Bug]: API Keys shown in debug mode

[bansal-ankita]

What happened?

I have implemented a custom logger to write all debug logs to a log file. Upon reviewing the log file, I noticed that it contains sensitive information such as LiteLLM API keys and LLM model API keys. After checking the code, it appears that all parameters (including kwargs and LiteLLM-specific parameters) are being logged in their raw form without any key masking.

Relevant log output

No response

Are you a ML Ops Team?

Yes

What LiteLLM version are you on ?

v1.53.1

Twitter / LinkedIn details

No response

[superpoussin22]

can you check your config file: ( the redact key )
litellm_settings: enable_preview_features: true redact_user_api_key_info: true

[bansal-ankita]

Yes, I have set redact key setting

[bansal-ankita]

any update on this? @krrishdholakia @ishaan-jaff

[mohittalele]

I am also facing same issues.

[krrishdholakia]

Hey @bansal-ankita @mohittalele the key isn't logged. it's masked - and only emitted if debug is true.

litellm/litellm/litellm_core_utils/litellm_logging.py

Line 631 in 3fe1f3b

masked_headers = self._get_masked_headers(headers)

if your key is being logged can you share a redacted version of the request, so we know what to remove?

The purpose behind emitting the the raw request on debug is to allow a user to see the raw request being made to the llm api.

[bansal-ankita]

@krrishdholakia
My callback file looks similar to this: https://docs.litellm.ai/docs/proxy/streaming_logging

Here are some log snippets that highlight the logged keys:

![image](https://github.com/user-attachments/assets/fb113a63-98ec-413d-bbeb-7f05bb1c7194)
![image](https://github.com/user-attachments/assets/f5779154-e5a4-4df6-8c7b-ee090ac51024)

[krrishdholakia]

Thanks everyone. I see the ask is to mask even when debug is true. Will look into this today

[krrishdholakia]

hi @bansal-ankita quick follow up - we currently do not recommend running litellm proxy with debug mode on in prod - the purpose of debug mode is to catch errors - e.g. a key not being read in correctly, so surfacing this information is useful in that situation.

If you run the proxy without debug mode on - this will not happen.

I'm investigating how we can mask on the debug logs, but it would help to understand why you're running it like this in prod?

[bansal-ankita]

@krrishdholakia - to debug issues which might occur in production, we need to run the proxy in debug mode. Also the keys should not be in text format in logs be it Info or Debug logs.

the purpose of debug mode is to catch errors - e.g. a key not being read in correctly, so surfacing this information is useful in that situation. - To address this, you can have keys in encrypted format, as it is stored in postgres DB.

[mohittalele]

@krrishdholakia

we currently do not recommend running litellm proxy with debug mode on in prod

In an enterprise setup, current debug mode setup is undesirable in dev environments too. Dev environments can be accessed by multiple different teams/persons ( e.g platform maintenance team) in addition to application developers. Exposing api keys in logs is a security concern no matter environment.