From a5cf44f6aa34f35b4b35004c69149c20f0304a26 Mon Sep 17 00:00:00 2001
From: Jen Hamon
Date: Tue, 3 Feb 2026 03:10:10 -0500
Subject: [PATCH] fix: prevent logging sensitive API key data in clear text
Fixed security vulnerability (CWE-312, CWE-532) where API key response objects containing sensitive data were being logged. Now only logging non-sensitive IDs instead of full response objects.
Resolves code scanning alert #72
Co-authored-by: Cursor
---
 tests/integration/rest_sync/admin/test_api_key.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/integration/rest_sync/admin/test_api_key.py b/tests/integration/rest_sync/admin/test_api_key.py
index c2431d78e..58cbd9ff1 100644
--- a/tests/integration/rest_sync/admin/test_api_key.py
+++ b/tests/integration/rest_sync/admin/test_api_key.py
@@ -112,11 +112,11 @@ def test_fetch_aliases(self):
 # Fetch the API key using the aliases
 key_response_by_id = admin.api_key.fetch(api_key_id=key_response.key.id)
- logger.info(f"API key by id: {key_response_by_id}")
+ logger.info(f"API key fetched with id: {key_response_by_id.id}")
 assert key_response_by_id.id == key_response.key.id
 get_key_response = admin.api_key.get(api_key_id=key_response.key.id)
- logger.info(f"API key by name: {get_key_response}")
+ logger.info(f"API key fetched with id: {get_key_response.id}")
 assert get_key_response.id == key_response.key.id
 described_key_response = admin.api_key.describe(api_key_id=key_response.key.id)
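Review bot: Both replacement log lines now emit the same text, `API key fetched with id: …`, so the test log no longer shows whether the `fetch()` or the `get()` alias produced a given line; the removed messages were distinct. Naming the call keeps the redaction and the traceability, e.g. `logger.info("API key via get(): id=%s", get_key_response.id)` for the second call and the `fetch()` equivalent for the first. The body of `test_fetch_aliases` starts before this hunk and continues after it, and the hunk ends on the `describe()` call. If that response, or the create response held in `key_response`, is logged whole elsewhere in the file, it presumably needs the same id-only treatment, since this commit changes only two call sites.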