From 467706ea301a367d92e8957a01b1d3a978c418d5 Mon Sep 17 00:00:00 2001 From: yuneng-jiang Date: Tue, 17 Mar 2026 08:58:07 -0700 Subject: [PATCH] Revert "fix: langfuse trace leak key on model params" --- litellm/integrations/langfuse/langfuse.py | 25 +++-------------- litellm/litellm_core_utils/litellm_logging.py | 28 +++++++++---------- 2 files changed, 17 insertions(+), 36 deletions(-) diff --git a/litellm/integrations/langfuse/langfuse.py b/litellm/integrations/langfuse/langfuse.py index 29038786d06..6ac337d99a9 100644 --- a/litellm/integrations/langfuse/langfuse.py +++ b/litellm/integrations/langfuse/langfuse.py @@ -25,7 +25,6 @@ reconstruct_model_name, filter_exceptions_from_params, ) -from litellm.litellm_core_utils.model_param_helper import ModelParamHelper from litellm.litellm_core_utils.redact_messages import redact_user_api_key_info from litellm.integrations.langfuse.langfuse_mock_client import ( create_mock_langfuse_client, @@ -292,6 +291,8 @@ def log_event_on_langfuse( functions = optional_params.pop("functions", None) tools = optional_params.pop("tools", None) + # Remove secret_fields to prevent leaking sensitive data (e.g., authorization headers) + optional_params.pop("secret_fields", None) if functions is not None: prompt["functions"] = functions if tools is not None: @@ -504,18 +505,13 @@ def _log_langfuse_v1( kwargs.get("model", ""), custom_llm_provider, metadata ) - # Use whitelisted model parameters to prevent leaking secrets - sanitized_model_params = ModelParamHelper.get_standard_logging_model_parameters( - optional_params - ) - trace.generation( CreateGeneration( name=metadata.get("generation_name", "litellm-completion"), startTime=start_time, endTime=end_time, model=model_name, - modelParameters=sanitized_model_params, + modelParameters=optional_params, prompt=input, completion=output, usage={ 
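Review bot: The added `optional_params.pop("secret_fields", None)` in `log_event_on_langfuse` is a one-key denylist, and with the allowlist removed elsewhere in this patch it is the only filter visible between `optional_params` and the Langfuse payload. Any other credential-bearing entry passes through; the comments deleted from `_log_langfuse_v2` name `api_key` and auth headers as examples. The pop also edits the dict in place, so whether other consumers still see `secret_fields` depends on whether `optional_params` is a copy at this point, which the hunk does not show because the function starts and ends outside it. I would make the limit explicit in the comment, e.g. `# NOTE: only "secret_fields" is stripped here; every other key in optional_params is forwarded to Langfuse as-is`.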
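Review bot: `modelParameters=optional_params` in `_log_langfuse_v1`, and likewise `"model_parameters": optional_params` in the `_log_langfuse_v2` hunk at -835, hand the full request-derived dict to an external tracing service with no allowlist. The removed lines bounded what could leave the process to known model parameters, whereas the new side depends on every secret-carrying key having been popped beforehand. The commit message does not say what the allowlist broke; if the helper itself was at fault, a narrower fix would keep `ModelParamHelper.get_standard_logging_model_parameters(optional_params)` and its import at both sites and correct the helper. Either way, a regression test that places a sentinel value under a credential-like key in `optional_params` and asserts it is absent from the generation parameters would pin the behaviour. Both functions continue outside their hunks.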
@@ -835,26 +831,13 @@ def _log_langfuse_v2( # noqa: PLR0915 kwargs.get("model", ""), custom_llm_provider, metadata ) - # Use whitelisted model_parameters from StandardLoggingPayload - # to prevent leaking secrets (api_key, auth headers, etc.) - if standard_logging_object is not None: - sanitized_model_params = standard_logging_object.get( - "model_parameters", optional_params - ) - else: - sanitized_model_params = ( - ModelParamHelper.get_standard_logging_model_parameters( - optional_params - ) - ) - generation_params = { "name": generation_name, "id": clean_metadata.pop("generation_id", generation_id), "start_time": start_time, "end_time": end_time, "model": model_name, - "model_parameters": sanitized_model_params, + "model_parameters": optional_params, "input": input if not mask_input else "redacted-by-litellm", "output": output if not mask_output else "redacted-by-litellm", "usage": usage, diff --git a/litellm/litellm_core_utils/litellm_logging.py b/litellm/litellm_core_utils/litellm_logging.py index 5c7ca00fee4..a92f4cb9ec8 100644 --- a/litellm/litellm_core_utils/litellm_logging.py +++ b/litellm/litellm_core_utils/litellm_logging.py 
@@ -5569,23 +5569,21 @@ def scrub_sensitive_keys_in_metadata(litellm_params: Optional[dict]): litellm_params["_langfuse_masking_function"] = masking_fn litellm_params["metadata"] = metadata - ## remove sensitive logging/callback keys from metadata dicts - ## these contain credentials (langfuse_secret_key, langfuse_public_key, etc.) - _sensitive_keys = {"logging", "callback_settings"} - - for metadata_field in ( - "user_api_key_metadata", - "user_api_key_auth_metadata", - "user_api_key_team_metadata", + ## check user_api_key_metadata for sensitive logging keys + cleaned_user_api_key_metadata = {} + if "user_api_key_metadata" in metadata and isinstance( + metadata["user_api_key_metadata"], dict ): - if metadata_field in metadata and isinstance(metadata[metadata_field], dict): - for sensitive_key in _sensitive_keys: - metadata[metadata_field].pop(sensitive_key, None) - - ## remove user_api_key_auth entirely - contains full auth object with nested credentials - metadata.pop("user_api_key_auth", None) + for k, v in metadata["user_api_key_metadata"].items(): + if k == "logging": # prevent logging user logging keys + cleaned_user_api_key_metadata[k] = ( + "scrubbed_by_litellm_for_sensitive_keys" + ) + else: + cleaned_user_api_key_metadata[k] = v - litellm_params["metadata"] = metadata + metadata["user_api_key_metadata"] = cleaned_user_api_key_metadata + litellm_params["metadata"] = metadata return litellm_params
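Review bot: The restored loop in `scrub_sensitive_keys_in_metadata` masks only the exact key `"logging"` inside `user_api_key_metadata`. So `callback_settings`, the `user_api_key_auth_metadata` and `user_api_key_team_metadata` dicts, and the `user_api_key_auth` object that the removed lines handled all come back unchanged. The removed comments describe these as holding credentials (`langfuse_secret_key`, `langfuse_public_key`) and nested auth data, so they would presumably reach whatever consumes the returned `litellm_params`. A minimal widening that keeps the placeholder style is `if k in ("logging", "callback_settings"):`, applied to each of the three metadata dicts rather than one. The hunk begins inside the function and the page has lost indentation, so I cannot confirm whether the final `litellm_params["metadata"] = metadata` sits inside the `isinstance` branch.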