Skip to content

fix: make trace_include_sensitive_data default to False for security #2392

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
OpenSourceSoul wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

fix: make trace_include_sensitive_data default to False for security #2392

OpenSourceSoul wants to merge 1 commit into from
+8 −7

Conversation

@OpenSourceSoul
Copy link

@OpenSourceSoul OpenSourceSoul commented Feb 1, 2026

Problem

By default, was set to , which meant sensitive data (tool inputs/outputs, LLM generations) was automatically included in traces without explicit user consent. This violates the security principle of "secure by default" and could lead to:

  • Accidental data leakage of PII, secrets, or confidential information in production traces
  • Compliance violations for organizations with strict data handling requirements
  • Security incidents where developers unknowingly expose sensitive data

Changes

This PR makes the SDK secure-by-default by changing the default value from to :

  1. src/agents/run_config.py: Changed environment variable default from to
  2. src/agents/voice/pipeline_config.py: Changed default from to with improved documentation
  3. tests/test_run_config.py: Updated test expectations to reflect new secure-by-default behavior

Impact

  • Breaking change: Users relying on the old default will need to explicitly opt-in by setting or passing to their config
  • Security improvement: Prevents accidental exposure of sensitive data in production deployments
  • Total diff: ~15 lines changed (well within the 10-100 line limit)

Migration for existing users

Users who want to maintain the previous behavior can:

This change aligns with security best practices and protects users from unintentional data exposure.

fix: change trace_include_sensitive_data default to False for security
58d0721 
By default, trace_include_sensitive_data was set to True, which meant
sensitive data (tool inputs/outputs, LLM generations) was included in
traces without explicit user consent. This is a security risk as it could
lead to accidental data leakage of PII, secrets, or confidential info.

This change makes the SDK secure-by-default:
- Changed OPENAI_AGENTS_TRACE_INCLUDE_SENSITIVE_DATA env default from 'true' to 'false'
- Changed VoicePipelineConfig.trace_include_sensitive_data default from True to False
- Updated tests to reflect new secure-by-default behavior

Users can still opt-in to include sensitive data by:
1. Setting OPENAI_AGENTS_TRACE_INCLUDE_SENSITIVE_DATA=true environment variable
2. Explicitly passing trace_include_sensitive_data=True to RunConfig or VoicePipelineConfig

Security impact: Prevents accidental exposure of sensitive data in production deployments.
@OpenSourceSoul OpenSourceSoul mentioned this pull request Feb 1, 2026
Open
@seratch seratch marked this pull request as draft February 2, 2026 01:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

feature:core feature:voice

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@OpenSourceSoul