Add API key log redaction #65

@neuromechanist

Type: Security
Priority: P1 (High severity - prevents credential leakage)
Effort: 1 hour
Phase: 3

Description:
API keys might accidentally be logged in debug output or error messages. Need automatic redaction to prevent exposure in centralized logging systems.

Security Impact: HIGH - Prevents credential exposure in logs

Acceptance Criteria:

  • Custom log formatter that redacts API keys
  • Pattern: sk-or-v1-[0-9a-f]{64} → sk-or-v1-***[redacted]
  • Applied to all loggers (root logger configuration)
  • Test that API keys are redacted in log output
  • Does not affect actual API calls (only logging)

Implementation: Create custom SecureFormatter class extending logging.Formatter

Related Issues: Part of security hardening with #64, #66, #67, #68
Branch: feature/issue-64-68-security-hardening

Labels: P1 (Priority 1: Critical, fix as soon as possible), security (Security vulnerability or hardening)
