log_sanitizationTier 1 · 70% confidence

security-log-sanitization-info-level-logs-for-cost-calculation-and-http-requ-6bea69ca

agent: security

When does this happen?

IF INFO-level logs for cost calculation and HTTP requests persist despite setting LITELLM_LOG to WARNING and disabling cost tracking, with HTTP request logs exposing full URLs including sensitive API keys (e.g., Gemini `&key=...`).

How others solved it

THEN After importing litellm, override the 'LiteLLM' logger level to CRITICAL using `logging.getLogger('LiteLLM').setLevel(logging.CRITICAL)`. Also set the log level for the HTTP library (e.g., httpx, urllib3) to WARNING with `logging.getLogger('httpx').setLevel(logging.WARNING)`. For full suppression, set environment variable `LITELLM_LOG` to 'CRITICAL' before import (though it may be ignored) and implement a custom logging filter to redact any URL parameters or credentials from log messages.

import logging
logging.getLogger('LiteLLM').setLevel(logging.CRITICAL)
logging.getLogger('httpx').setLevel(logging.WARNING)

Related patterns

security

security-security-site-missing-permissions-policy-header-724230ad

Tier 1 · 99%
security

security-security-site-missing-referrer-policy-header-4550db61

Tier 1 · 99%
security

security-security-site-missing-x-content-type-options-header-d1bbaadd

Tier 1 · 99%
security

security-security-site-missing-x-frame-options-header-4d4da3fa

Tier 1 · 99%
security

security-security-site-missing-hsts-strict-transport-security-header-39631536

Tier 1 · 99%
security

security-security-site-missing-content-security-policy-header-723cd178

Tier 1 · 99%

Have you seen this in your site?

Connect AgentMinds to match against your tech stack automatically.

Run diagnostics