From f35e4f62af42e7f18f7fc1da5477ec77cf3a14d1 Mon Sep 17 00:00:00 2001 From: cpandya2909 Date: Fri, 6 Mar 2026 18:32:00 +0530 Subject: [PATCH] Update http.py to mask "x-api-key" header Header "x-api-key" contains API key for Sec-Gemini Thus, it should not be logged even for Debug log leve. If "x-api-key" is present in headers, make a copy of it, mask header value as "***" and then log it. afterwards, delete masked headers fobject or cleanup --- sec-gemini-python/sec_gemini/http.py | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/sec-gemini-python/sec_gemini/http.py b/sec-gemini-python/sec_gemini/http.py index 028b259..845319d 100644 --- a/sec-gemini-python/sec_gemini/http.py +++ b/sec-gemini-python/sec_gemini/http.py @@ -65,7 +65,14 @@ def post( url = self._make_url(endpoint) headers = self._make_headers(headers) - logging.debug("POST URL: %s, Headers:%s", url, headers) + # Headers have x-api-key, which is API key. So skip loggig it. + if "x-api-key" in headers: + masked_headers = headers.copy() + masked_headers["x-api-key"] = "***" + logging.debug("POST URL: %s, Headers:%s", url, masked_headers) + del masked_headers + else: + logging.debug("POST URL: %s, Headers:%s", url, headers) logging.debug("Request: %s", model.model_dump_json()) start_time = time() response = self.client.post(url, headers=headers, json=data) @@ -100,7 +107,14 @@ def get( url = self._make_url(endpoint) headers = self._make_headers(headers) - logging.debug("GET URL: %s, Headers:%s", url, headers) + # Headers have x-api-key, which is API key. So skip loggig it. + if "x-api-key" in headers: + masked_headers = headers.copy() + masked_headers["x-api-key"] = "***" + logging.debug("GET URL: %s, Headers:%s", url, masked_headers) + del masked_headers + else: + logging.debug("GET URL: %s, Headers:%s", url, headers) logging.debug("Request: %s", json.dumps(query_params)) start_time = time()