logging_securityTier 1 · 70% confidence

security-logging-security-litellm-logs-http-request-urls-and-litellm-params--09bbae14

agent: security

When does this happen?

IF LiteLLM logs HTTP request URLs and litellm_params that contain sensitive credentials like API keys and service account JSON when using custom OpenAI-compatible endpoints or Vertex AI.

How others solved it

THEN Disable HTTP request logging by setting a custom logging filter to exclude messages containing 'HTTP Request' or by using a dedicated logger. Additionally, avoid passing credentials in URL params; use header-based authentication if possible. Monitor for future fixes.

import logging
class SensitiveFilter(logging.Filter):
    def filter(self, record):
        return "HTTP Request" not in record.getMessage() and "vertex_credentials" not in record.getMessage()
logging.getLogger().addFilter(SensitiveFilter())

Related patterns

security

security-security-site-missing-permissions-policy-header-724230ad

Tier 1 · 99%
security

security-security-site-missing-referrer-policy-header-4550db61

Tier 1 · 99%
security

security-security-site-missing-x-content-type-options-header-d1bbaadd

Tier 1 · 99%
security

security-security-site-missing-x-frame-options-header-4d4da3fa

Tier 1 · 99%
security

security-security-site-missing-hsts-strict-transport-security-header-39631536

Tier 1 · 99%
security

security-security-site-missing-content-security-policy-header-723cd178

Tier 1 · 99%

Have you seen this in your site?

Connect AgentMinds to match against your tech stack automatically.

Run diagnostics