Critical severity · intermediate · Fix: 2-5 min

SecurityError

ai_security.exceptions.SecurityError

What this error means
The LLM API key has been written in plaintext to stdout, a log file or an error message. Anyone who can read those outputs (log aggregators, monitoring dashboards, CI consoles, crash reporters) can take the credential and use it as your application.

Stack trace

traceback
Traceback (most recent call last):
  File "app.py", line 42, in call_llm
    response = client.chat.completions.create(...)
  File "ai_security/logging.py", line 15, in secure_log
    raise SecurityError("API key exposed in logs")
SecurityError: API key exposed in logs detected at ai_security.logging.secure_log

QUICK FIX
Redact or drop the API key from every log line and error message before it is printed or stored, and never log whole request, client or environment objects.

Why it happens

Developers sometimes log entire request, client or error objects without redacting sensitive fields such as the API key. The key then lands in log files, error messages and monitoring dashboards, where it can be read by anyone with access to those systems. Blanket logging of raw request data, `repr()` output of client objects, or exception tracebacks with local variables will include the key unless it is filtered first.

Detection

Run a secret scanner, or at least a regex filter for known key shapes (for OpenAI, tokens beginning with `sk-`), over application logs and error output. Do this as a CI gate before deployment and as a filter in the log pipeline itself, and audit existing logs and dashboards for keys that have already leaked; a key found in logs should be rotated, not just deleted from the log.
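A scanner for the check described above, as an added example (not code from the original page or from any `ai_security` package): it runs regex filters over a few constructed log lines and reports each hit by line number, pattern name and a non-reversible fingerprint, so that the detector's own report does not become a second copy of the leak. The key patterns, the sample lines and the fake key are all assumptions constructed for this example.

```python
"""Scan log lines for API-key-shaped tokens without re-leaking them.

Added example, not the page's or any library's code. The patterns below are
the editor's assumptions about what a leaked credential looks like and should
be tuned to the providers actually in use.
"""
import hashlib
import re

# Constructed sample log lines. The key is fake and was made up for this example.
LOG_LINES = [
    "2026-04-02 10:01:03 INFO call_llm: sending request to LLM API",
    "2026-04-02 10:01:03 DEBUG OpenAI(api_key='sk-proj-FAKEKEY0123456789abcdefghijklmnop', base_url=None)",
    "2026-04-02 10:01:04 DEBUG headers={'Authorization': 'Bearer sk-proj-FAKEKEY0123456789abcdefghijklmnop'}",
    "2026-04-02 10:01:04 ERROR upstream returned 429 Too Many Requests",
]

# Assumed key shapes: an OpenAI-style "sk-" secret, a bearer token in an
# Authorization header, and any value assigned to an api_key field.
# Where a pattern has a group, the group is the secret; otherwise the whole match is.
KEY_PATTERNS = {
    "openai_sk": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}"),
    "bearer_token": re.compile(r"(?i)\bbearer\s+([A-Za-z0-9._~+/=-]{20,})"),
    "api_key_field": re.compile(
        r"(?i)api[_-]?key['\"]?\s*[=:]\s*['\"]?([A-Za-z0-9._~+/=-]{20,})"
    ),
}


def fingerprint(secret: str) -> str:
    """Short prefix plus truncated SHA-256: enough to correlate findings and
    identify which credential leaked, without reproducing the credential."""
    digest = hashlib.sha256(secret.encode()).hexdigest()[:8]
    return f"{secret[:4]}...{digest}"


def scan_lines(lines):
    """Return one finding per (line, pattern) hit. Findings never carry the
    matched secret itself, only its fingerprint."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for name, pattern in KEY_PATTERNS.items():
            for match in pattern.finditer(line):
                secret = match.group(match.lastindex or 0)
                findings.append(
                    {"line": lineno, "pattern": name, "fingerprint": fingerprint(secret)}
                )
    return findings


def distinct_secrets(findings):
    """How many different credentials leaked (each one needs rotating)."""
    return {f["fingerprint"] for f in findings}


if __name__ == "__main__":
    results = scan_lines(LOG_LINES)
    for f in results:
        print(f"line {f['line']}: {f['pattern']} -> {f['fingerprint']}")
    print(f"{len(distinct_secrets(results))} distinct credential(s) found")
```

The same fake key shows up twice, once in a client `repr()` and once in a request header, and the scanner reports both hits with the same fingerprint, which is the signal that one credential needs rotating rather than two. A hit in a pre-deployment scan should fail the build; a hit in production logs should trigger rotation.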

Causes & fixes

1

Logging entire request or error objects including the API key field

✓ Fix

Explicitly redact or omit the API key field before logging any request or error data.

2

Printing raw exception messages or tracebacks (especially ones that dump local variables or the client configuration) that carry the API key

✓ Fix

Catch exceptions and sanitize error messages to remove or mask API keys before printing or logging.

3

Using debug-level logging in production that outputs sensitive environment variables

✓ Fix

Disable debug-level logging in production and configure logging to exclude sensitive environment variables.

Code: broken vs fixed

Broken - triggers the error
python
import os
from openai import OpenAI

client = OpenAI(api_key=os.environ["OPENAI_API_KEY"])

# Dangerous: the key is interpolated into the log line in plaintext
print(f"Sending request with API key: {os.environ['OPENAI_API_KEY']}")  # exposes the key
response = client.chat.completions.create(model="gpt-4o-mini", messages=[{"role": "user", "content": "Hello"}])

Fixed - works correctly
python
import os
from openai import OpenAI

client = OpenAI(api_key=os.environ["OPENAI_API_KEY"])

# Fixed: log the action, never the credential
print("Sending request to LLM API")
response = client.chat.completions.create(model="gpt-4o-mini", messages=[{"role": "user", "content": "Hello"}])

The fixed version drops the key from the log line; the client still reads it from the environment, so the request itself is unchanged.

Workaround

If you cannot fix every call site at once, route all output through a logging formatter or filter that regex-masks key-shaped tokens before a line is emitted; that catches keys hidden in formatted objects and exception text that a per-call fix would miss.

Prevention

Use a centralized logging setup that automatically redacts sensitive fields such as API keys, keep DEBUG-level output out of production, and treat the key as a secret throughout: load it from the environment or a secrets manager, never dump the environment or client configuration into logs, and rotate any key that has appeared in a log.
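The three fixes under Causes & fixes, the Workaround and the Prevention advice all come down to one mechanism: redact key-shaped tokens at the point where log output is rendered, including exception text, and keep DEBUG output out of production. The following is an added example of that mechanism (not the page's code, not the openai SDK's, and not a real `ai_security` library): a `logging.Formatter` subclass that redacts after formatting, a helper for sanitising exception messages, and a production/development level switch. The regexes, the logger name and the fake key are constructed for this example.

```python
"""Redact API keys from everything a logging handler emits, including tracebacks.

Added example, not the page's or any library's code. The redaction rules are
assumptions about key shapes; the key below is fake and constructed for the demo.
"""
import io
import logging
import re

# Constructed fake credential; not a real key.
FAKE_KEY = "sk-proj-FAKEKEY0123456789abcdefghijklmnop"

# Assumed key shapes: OpenAI-style "sk-" secrets and bearer tokens.
# The replacement keeps the prefix so operators can still tell what leaked.
REDACT_RULES = [
    (re.compile(r"\bsk-[A-Za-z0-9_-]{20,}"), "sk-[REDACTED]"),
    (re.compile(r"(?i)(\bbearer\s+)[A-Za-z0-9._~+/=-]{20,}"), r"\1[REDACTED]"),
]


def redact(text: str) -> str:
    """Apply every redaction rule to an already-rendered string."""
    for pattern, replacement in REDACT_RULES:
        text = pattern.sub(replacement, text)
    return text


def safe_error_message(exc: BaseException) -> str:
    """Cause 2: turn an exception into a loggable string with keys masked."""
    return redact(f"{type(exc).__name__}: {exc}")


class RedactingFormatter(logging.Formatter):
    """Redacts after formatting, so msg, %-args and the rendered traceback
    (record.exc_info) are all covered by the same rules."""

    def format(self, record: logging.LogRecord) -> str:
        return redact(super().format(record))


def configure_logging(stream, production: bool) -> logging.Logger:
    """Single place that decides level and formatter for the application."""
    logger = logging.getLogger("llm_client_example")
    logger.handlers.clear()
    logger.propagate = False
    # Cause 3: DEBUG is where client configs and env dumps end up; keep it out of production.
    logger.setLevel(logging.INFO if production else logging.DEBUG)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(RedactingFormatter("%(levelname)s %(name)s: %(message)s"))
    logger.addHandler(handler)
    return logger


def demo(production: bool = True) -> str:
    """Log the three risky things from the page and return the captured output."""
    buf = io.StringIO()
    log = configure_logging(buf, production)
    # Cause 1: a whole config object, key included (suppressed in production anyway).
    log.debug("debug-only client config: %r", {"api_key": FAKE_KEY, "model": "gpt-4o-mini"})
    log.info("client initialised with headers %r", {"Authorization": f"Bearer {FAKE_KEY}"})
    # Cause 2: an exception whose message carries the key, logged with its traceback.
    try:
        raise ValueError(f"authentication failed for key {FAKE_KEY}")
    except ValueError as exc:
        log.exception("LLM call failed: %s", safe_error_message(exc))
    return buf.getvalue()


if __name__ == "__main__":
    print(demo(production=True))
```

Redacting in the formatter is a last line of defence, not a substitute for fixing call sites: `print()` bypasses it, any handler configured without this formatter emits the raw record, and `logging.Formatter` caches the unredacted traceback on `record.exc_text`, so every handler in the process must use the redacting formatter.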

Python 3.9+ · openai >=1.0.0 · tested on 1.5.x
Verified 2026-04