From 073ba1e1c86c0710f9cf95c4913575fd2bf5ce05 Mon Sep 17 00:00:00 2001 From: Toshika-Kamble Date: Sat, 27 Jun 2026 01:21:07 +0530 Subject: [PATCH] fix(vcr): mask sensitive headers and query parameters in test configurations --- .../tests/conftest.py | 2 ++ .../tests/conftest.py | 6 +++++- .../tests/conftest.py | 5 ++++- .../tests/conftest.py | 5 ++++- .../tests/conftest.py | 2 +- .../tests/conftest.py | 10 +++++++++- .../tests/traces/conftest.py | 5 ++++- .../tests/conftest.py | 5 ++++- .../tests/conftest.py | 2 ++ .../tests/conftest.py | 3 ++- .../tests/conftest.py | 5 ++++- .../tests/conftest.py | 5 ++++- .../tests/conftest.py | 20 +++++++++++-------- .../tests/metrics/conftest.py | 3 ++- .../tests/traces/conftest.py | 2 ++ .../tests/conftest.py | 5 ++++- .../tests/conftest.py | 5 ++++- .../tests/conftest.py | 5 ++++- .../tests/conftest.py | 6 +++++- .../tests/conftest.py | 5 ++++- .../tests/conftest.py | 10 +++++++++- .../tests/metrics/conftest.py | 3 ++- .../tests/traces/conftest.py | 3 ++- .../tests/conftest.py | 8 +++++++- packages/traceloop-sdk/tests/conftest.py | 9 ++++++++- .../tests/guardrails/conftest.py | 8 +++++++- 26 files changed, 117 insertions(+), 30 deletions(-) diff --git a/packages/opentelemetry-instrumentation-agno/tests/conftest.py b/packages/opentelemetry-instrumentation-agno/tests/conftest.py index 3e567db4f3..c194976832 100644 --- a/packages/opentelemetry-instrumentation-agno/tests/conftest.py +++ b/packages/opentelemetry-instrumentation-agno/tests/conftest.py @@ -69,11 +69,13 @@ def vcr_config(): return { "filter_headers": [ "authorization", + "api-key", "x-api-key", "cookie", "set-cookie", "x-request-id", "x-openai-organization", ], + "filter_query_parameters": ["api_key"], "filter_post_data_parameters": ["api_key"], } diff --git a/packages/opentelemetry-instrumentation-alephalpha/tests/conftest.py b/packages/opentelemetry-instrumentation-alephalpha/tests/conftest.py index 0475427008..cc11d9df09 100644 --- a/packages/opentelemetry-instrumentation-alephalpha/tests/conftest.py +++ b/packages/opentelemetry-instrumentation-alephalpha/tests/conftest.py @@ -103,4 +103,8 @@ def environment(): @pytest.fixture(scope="module") def vcr_config(): - return {"filter_headers": ["authorization"], "decode_compressed_response": True} + return { + "filter_headers": ["authorization", "api-key", "x-api-key"], + "filter_query_parameters": ["api_key"], + "decode_compressed_response": True, + } diff --git a/packages/opentelemetry-instrumentation-anthropic/tests/conftest.py b/packages/opentelemetry-instrumentation-anthropic/tests/conftest.py index 0e1e7926a2..6e41c8ab9b 100644 --- a/packages/opentelemetry-instrumentation-anthropic/tests/conftest.py +++ b/packages/opentelemetry-instrumentation-anthropic/tests/conftest.py @@ -155,4 +155,7 @@ def environment(): @pytest.fixture(scope="module") def vcr_config(): - return {"filter_headers": ["x-api-key"]} + return { + "filter_headers": ["authorization", "api-key", "x-api-key"], + "filter_query_parameters": ["api_key"], + } diff --git a/packages/opentelemetry-instrumentation-bedrock/tests/conftest.py b/packages/opentelemetry-instrumentation-bedrock/tests/conftest.py index 17b65bfbf1..9e7b69b2b7 100644 --- a/packages/opentelemetry-instrumentation-bedrock/tests/conftest.py +++ b/packages/opentelemetry-instrumentation-bedrock/tests/conftest.py @@ -143,4 +143,7 @@ def instrument_with_no_content( @pytest.fixture(scope="module") def vcr_config(): - return {"filter_headers": ["authorization"]} + return { + "filter_headers": ["authorization", "api-key", "x-api-key"], + "filter_query_parameters": ["api_key"], + } diff --git a/packages/opentelemetry-instrumentation-cohere/tests/conftest.py b/packages/opentelemetry-instrumentation-cohere/tests/conftest.py index 7a58ec7e9a..3367776583 100644 --- a/packages/opentelemetry-instrumentation-cohere/tests/conftest.py +++ b/packages/opentelemetry-instrumentation-cohere/tests/conftest.py @@ -116,4 +116,4 @@ def environment(): @pytest.fixture(scope="module") def vcr_config(): - return {"filter_headers": ["authorization"]} + return {"filter_headers": ["authorization","x-api-key","api-key"], "filter_query_parameters": ["api_key"]} diff --git a/packages/opentelemetry-instrumentation-google-generativeai/tests/conftest.py b/packages/opentelemetry-instrumentation-google-generativeai/tests/conftest.py index 7917844866..a4a44a2ebd 100644 --- a/packages/opentelemetry-instrumentation-google-generativeai/tests/conftest.py +++ b/packages/opentelemetry-instrumentation-google-generativeai/tests/conftest.py @@ -136,7 +136,15 @@ def instrument_with_no_content(tracer_provider, logger_provider): @pytest.fixture(scope="module") def vcr_config(): - return {"filter_headers": ["authorization", "x-goog-api-key"]} + return { + "filter_headers": [ + "authorization", + "api-key", + "x-api-key", + "x-goog-api-key", + ], + "filter_query_parameters": ["api_key"], + } @pytest.fixture(autouse=True) diff --git a/packages/opentelemetry-instrumentation-groq/tests/traces/conftest.py b/packages/opentelemetry-instrumentation-groq/tests/traces/conftest.py index e4fe4a6ff1..d61e0c07cf 100644 --- a/packages/opentelemetry-instrumentation-groq/tests/traces/conftest.py +++ b/packages/opentelemetry-instrumentation-groq/tests/traces/conftest.py @@ -133,4 +133,7 @@ def environment(): @pytest.fixture(scope="module") def vcr_config(): - return {"filter_headers": ["authorization", "api-key"]} + return { + "filter_headers": ["authorization", "api-key", "x-api-key"], + "filter_query_parameters": ["api_key"], + } diff --git a/packages/opentelemetry-instrumentation-haystack/tests/conftest.py b/packages/opentelemetry-instrumentation-haystack/tests/conftest.py index e550a8088b..abb6ef1314 100644 --- a/packages/opentelemetry-instrumentation-haystack/tests/conftest.py +++ b/packages/opentelemetry-instrumentation-haystack/tests/conftest.py @@ -38,4 +38,7 @@ def clear_exporter(exporter): @pytest.fixture(scope="module") def vcr_config(): - return {"filter_headers": ["authorization"]} + return { + "filter_headers": ["authorization", "api-key", "x-api-key"], + "filter_query_parameters": ["api_key"], + } diff --git a/packages/opentelemetry-instrumentation-langchain/tests/conftest.py b/packages/opentelemetry-instrumentation-langchain/tests/conftest.py index b41cf016db..dd1d5c77b1 100644 --- a/packages/opentelemetry-instrumentation-langchain/tests/conftest.py +++ b/packages/opentelemetry-instrumentation-langchain/tests/conftest.py @@ -166,12 +166,14 @@ def before_record_request(request): return { "filter_headers": [ "authorization", + "api-key", "x-api-key", "x-amz-security-token", "x-amz-credential", "x-amz-signature", "x-amz-date", ], + "filter_query_parameters": ["api_key"], "match_on": ["method", "scheme", "host", "port", "path", "query"], "before_record_request": before_record_request, # Ignore AWS Instance Metadata Service (IMDS) requests that boto3 makes diff --git a/packages/opentelemetry-instrumentation-llamaindex/tests/conftest.py b/packages/opentelemetry-instrumentation-llamaindex/tests/conftest.py index a5eb358151..c2df4cdb74 100644 --- a/packages/opentelemetry-instrumentation-llamaindex/tests/conftest.py +++ b/packages/opentelemetry-instrumentation-llamaindex/tests/conftest.py @@ -121,7 +121,8 @@ def environment(): @pytest.fixture(scope="module") def vcr_config(): return { - "filter_headers": ["authorization", "api-key"], + "filter_headers": ["authorization", "api-key", "x-api-key"], + "filter_query_parameters": ["api_key"], "ignore_hosts": ["raw.githubusercontent.com"], } diff --git a/packages/opentelemetry-instrumentation-mistralai/tests/conftest.py b/packages/opentelemetry-instrumentation-mistralai/tests/conftest.py index b582f28321..58eb3e26df 100644 --- a/packages/opentelemetry-instrumentation-mistralai/tests/conftest.py +++ b/packages/opentelemetry-instrumentation-mistralai/tests/conftest.py @@ -106,4 +106,7 @@ def environment(): @pytest.fixture(scope="module") def vcr_config(): - return {"filter_headers": ["authorization"]} + return { + "filter_headers": ["authorization", "api-key", "x-api-key"], + "filter_query_parameters": ["api_key"], + } diff --git a/packages/opentelemetry-instrumentation-openai-agents/tests/conftest.py b/packages/opentelemetry-instrumentation-openai-agents/tests/conftest.py index 49da80af86..2c8a8918aa 100644 --- a/packages/opentelemetry-instrumentation-openai-agents/tests/conftest.py +++ b/packages/opentelemetry-instrumentation-openai-agents/tests/conftest.py @@ -283,4 +283,7 @@ async def plan_and_apply_recipe_modifications(recipe: Recipe, modification_reque @pytest.fixture(scope="module") def vcr_config(): - return {"filter_headers": ["authorization", "api-key"]} + return { + "filter_headers": ["authorization", "api-key", "x-api-key"], + "filter_query_parameters": ["api_key"], + } diff --git a/packages/opentelemetry-instrumentation-openai/tests/conftest.py b/packages/opentelemetry-instrumentation-openai/tests/conftest.py index cde4894c0c..d4e337269e 100644 --- a/packages/opentelemetry-instrumentation-openai/tests/conftest.py +++ b/packages/opentelemetry-instrumentation-openai/tests/conftest.py @@ -197,11 +197,15 @@ def clear_exporter(span_exporter): @pytest.fixture(scope="module") def vcr_config(): - return {"filter_headers": [ - "authorization", - "api-key", - "openai-organization", - "openai-project", - "set-cookie", - "x-request-id", - ]} + return { + "filter_headers": [ + "authorization", + "api-key", + "x-api-key", + "openai-organization", + "openai-project", + "set-cookie", + "x-request-id", + ], + "filter_query_parameters": ["api_key"], + } diff --git a/packages/opentelemetry-instrumentation-openai/tests/metrics/conftest.py b/packages/opentelemetry-instrumentation-openai/tests/metrics/conftest.py index 6aa5d3d876..b7efb6d672 100644 --- a/packages/opentelemetry-instrumentation-openai/tests/metrics/conftest.py +++ b/packages/opentelemetry-instrumentation-openai/tests/metrics/conftest.py @@ -4,6 +4,7 @@ @pytest.fixture(scope="module") def vcr_config(): return { - "filter_headers": ["authorization"], + "filter_headers": ["authorization", "api-key", "x-api-key"], + "filter_query_parameters": ["api_key"], "ignore_hosts": ["openaipublic.blob.core.windows.net"], } diff --git a/packages/opentelemetry-instrumentation-openai/tests/traces/conftest.py b/packages/opentelemetry-instrumentation-openai/tests/traces/conftest.py index 28dd321a66..d1aa2ff1af 100644 --- a/packages/opentelemetry-instrumentation-openai/tests/traces/conftest.py +++ b/packages/opentelemetry-instrumentation-openai/tests/traces/conftest.py @@ -7,10 +7,12 @@ def vcr_config(): "filter_headers": [ "authorization", "api-key", + "x-api-key", "openai-organization", "openai-project", "set-cookie", "x-request-id", ], + "filter_query_parameters": ["api_key"], "ignore_hosts": ["openaipublic.blob.core.windows.net"], } diff --git a/packages/opentelemetry-instrumentation-pinecone/tests/conftest.py b/packages/opentelemetry-instrumentation-pinecone/tests/conftest.py index 072d7fbaa0..c7c8a84dc6 100644 --- a/packages/opentelemetry-instrumentation-pinecone/tests/conftest.py +++ b/packages/opentelemetry-instrumentation-pinecone/tests/conftest.py @@ -63,4 +63,7 @@ def environment(): @pytest.fixture(scope="module") def vcr_config(): - return {"filter_headers": ["authorization"]} + return { + "filter_headers": ["authorization", "api-key", "x-api-key"], + "filter_query_parameters": ["api_key"], + } diff --git a/packages/opentelemetry-instrumentation-replicate/tests/conftest.py b/packages/opentelemetry-instrumentation-replicate/tests/conftest.py index 957b68579f..3d4876fd8b 100644 --- a/packages/opentelemetry-instrumentation-replicate/tests/conftest.py +++ b/packages/opentelemetry-instrumentation-replicate/tests/conftest.py @@ -95,4 +95,7 @@ def instrument_with_no_content(tracer_provider, logger_provider): @pytest.fixture(scope="module") def vcr_config(): - return {"filter_headers": ["authorization"]} + return { + "filter_headers": ["authorization", "api-key", "x-api-key"], + "filter_query_parameters": ["api_key"], + } diff --git a/packages/opentelemetry-instrumentation-sagemaker/tests/conftest.py b/packages/opentelemetry-instrumentation-sagemaker/tests/conftest.py index d8b928e072..ee1ca42bff 100644 --- a/packages/opentelemetry-instrumentation-sagemaker/tests/conftest.py +++ b/packages/opentelemetry-instrumentation-sagemaker/tests/conftest.py @@ -111,4 +111,7 @@ def smrt(): @pytest.fixture(scope="module") def vcr_config(): - return {"filter_headers": ["authorization"]} + return { + "filter_headers": ["authorization", "api-key", "x-api-key"], + "filter_query_parameters": ["api_key"], + } diff --git a/packages/opentelemetry-instrumentation-together/tests/conftest.py b/packages/opentelemetry-instrumentation-together/tests/conftest.py index a14229f47e..2d44497ac1 100644 --- a/packages/opentelemetry-instrumentation-together/tests/conftest.py +++ b/packages/opentelemetry-instrumentation-together/tests/conftest.py @@ -103,4 +103,8 @@ def environment(): @pytest.fixture(scope="module") def vcr_config(): - return {"filter_headers": ["authorization"], "decode_compressed_response": True} + return { + "filter_headers": ["authorization", "api-key", "x-api-key"], + "filter_query_parameters": ["api_key"], + "decode_compressed_response": True, + } diff --git a/packages/opentelemetry-instrumentation-vertexai/tests/conftest.py b/packages/opentelemetry-instrumentation-vertexai/tests/conftest.py index 0fdb686305..d4768ac7e1 100644 --- a/packages/opentelemetry-instrumentation-vertexai/tests/conftest.py +++ b/packages/opentelemetry-instrumentation-vertexai/tests/conftest.py @@ -118,4 +118,7 @@ def instrument_with_no_content( @pytest.fixture(scope="module") def vcr_config(): - return {"filter_headers": ["authorization"]} + return { + "filter_headers": ["authorization", "api-key", "x-api-key"], + "filter_query_parameters": ["api_key"], + } diff --git a/packages/opentelemetry-instrumentation-voyageai/tests/conftest.py b/packages/opentelemetry-instrumentation-voyageai/tests/conftest.py index 88f1800926..ea4b363e74 100644 --- a/packages/opentelemetry-instrumentation-voyageai/tests/conftest.py +++ b/packages/opentelemetry-instrumentation-voyageai/tests/conftest.py @@ -55,4 +55,12 @@ def environment(): @pytest.fixture(scope="module") def vcr_config(): - return {"filter_headers": ["authorization", "x-voyage-api-key"]} + return { + "filter_headers": [ + "authorization", + "api-key", + "x-api-key", + "x-voyage-api-key", + ], + "filter_query_parameters": ["api_key"], + } diff --git a/packages/opentelemetry-instrumentation-watsonx/tests/metrics/conftest.py b/packages/opentelemetry-instrumentation-watsonx/tests/metrics/conftest.py index f983194ebe..d486bcd7fa 100644 --- a/packages/opentelemetry-instrumentation-watsonx/tests/metrics/conftest.py +++ b/packages/opentelemetry-instrumentation-watsonx/tests/metrics/conftest.py @@ -109,7 +109,8 @@ def metrics_test_context_with_no_content(logger_provider): @pytest.fixture(scope="module") def vcr_config(): return { - "filter_headers": ["authorization"], + "filter_headers": ["authorization", "api-key", "x-api-key"], + "filter_query_parameters": ["api_key"], "allow_playback_repeats": True, "decode_compressed_response": True, } diff --git a/packages/opentelemetry-instrumentation-watsonx/tests/traces/conftest.py b/packages/opentelemetry-instrumentation-watsonx/tests/traces/conftest.py index c467c767fc..25f1c82015 100644 --- a/packages/opentelemetry-instrumentation-watsonx/tests/traces/conftest.py +++ b/packages/opentelemetry-instrumentation-watsonx/tests/traces/conftest.py @@ -117,7 +117,8 @@ def clear_exporter(exporter_legacy): @pytest.fixture(scope="module") def vcr_config(): return { - "filter_headers": ["authorization"], + "filter_headers": ["authorization", "api-key", "x-api-key"], + "filter_query_parameters": ["api_key"], "allow_playback_repeats": True, "decode_compressed_response": True, } diff --git a/packages/opentelemetry-instrumentation-weaviate/tests/conftest.py b/packages/opentelemetry-instrumentation-weaviate/tests/conftest.py index a6dbf3881e..f45474a565 100644 --- a/packages/opentelemetry-instrumentation-weaviate/tests/conftest.py +++ b/packages/opentelemetry-instrumentation-weaviate/tests/conftest.py @@ -78,5 +78,11 @@ def environment(): @pytest.fixture(scope="module") def vcr_config(): return { - "filter_headers": ["authorization", "x-openai-api-key"], + "filter_headers": [ + "authorization", + "api-key", + "x-api-key", + "x-openai-api-key", + ], + "filter_query_parameters": ["api_key"], } diff --git a/packages/traceloop-sdk/tests/conftest.py b/packages/traceloop-sdk/tests/conftest.py index 7d50448230..18f1901509 100644 --- a/packages/traceloop-sdk/tests/conftest.py +++ b/packages/traceloop-sdk/tests/conftest.py @@ -46,7 +46,14 @@ def environment(): @pytest.fixture(scope="module") def vcr_config(): return { - "filter_headers": ["authorization"], + "filter_headers": [ + ("authorization", "REDACTED"), + ("api-key", "REDACTED"), + ("x-api-key", "REDACTED"), + ], + "filter_query_parameters": [ + ("api_key", "REDACTED"), + ], "ignore_hosts": ["openaipublic.blob.core.windows.net"], } diff --git a/packages/traceloop-sdk/tests/guardrails/conftest.py b/packages/traceloop-sdk/tests/guardrails/conftest.py index 2a9942e2a2..f47c140008 100644 --- a/packages/traceloop-sdk/tests/guardrails/conftest.py +++ b/packages/traceloop-sdk/tests/guardrails/conftest.py @@ -12,7 +12,13 @@ def vcr_config(): Filters authorization headers to avoid storing API keys in cassettes. """ return { - "filter_headers": ["authorization", "Authorization"], + "filter_headers": [ + "authorization", + "Authorization", + "api-key", + "x-api-key", + ], + "filter_query_parameters": ["api_key"], "record_mode": "once", }