Skip to content

Redact provider API keys from HTTP client logs #217

Description

@cmsjade5000

Problem

During local discovery, provider lookup activity produced HTTP client log messages that included full outbound request URLs. Some provider APIs pass credentials in query parameters, so those URLs can contain API keys if logs are captured, shared, or attached to an issue.

This issue intentionally does not include any real log lines, provider keys, or request URLs.

Suggested Scope

  • Review how httpx logging is configured by api/main.py and the provider lookup services.
  • Prevent credential-bearing query strings from appearing in normal application logs.
  • Prefer a central logging/filter approach if possible, so future provider clients inherit the same protection.
  • Consider redacting common sensitive query parameters such as API keys, tokens, and auth values.
  • Keep useful provider observability, such as host, path, status code, duration, and request id, when it can be logged safely.

Files or Areas

  • api/main.py
  • api/utils/providers.py
  • api/utils/omdb.py
  • api/services/movie_lookup.py
  • api/services/movies_curated.py
  • Tests around observability/logging, likely tests/test_observability.py or a new focused test

Acceptance Criteria

  • Normal logs do not include provider API keys or other sensitive query-string values.
  • Existing request logging still includes safe request context for debugging.
  • A focused test proves that a URL containing a fake API key is redacted before it reaches log output.
  • The PR does not include real .env values, real provider keys, private logs, or live database contents.

Verification

  • pytest tests/test_observability.py
  • Any new focused logging redaction test added by the PR
  • Optional manual check with fake provider credentials in a local environment, confirming logs show redacted values only

Contributor Notes

This is a security/privacy hardening issue. Public discussion should stay at the behavior level and use fake keys only. First-time contributors can still help here, but please keep the patch narrow and avoid posting real logs or credentials.

Metadata

Metadata

Assignees

No one assigned

    Labels

    help wantedExtra attention is neededopssecuritySecurity, privacy, authorization, or dependency riskself-hosting

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions