Skip to content

fix: make trace_include_sensitive_data default to False for security#2392

Draft
OpenSourceSoul wants to merge 1 commit intoopenai:mainfrom
OpenSourceSoul:fix/secure-by-default-trace-sensitive-data
Draft

fix: make trace_include_sensitive_data default to False for security#2392
OpenSourceSoul wants to merge 1 commit intoopenai:mainfrom
OpenSourceSoul:fix/secure-by-default-trace-sensitive-data

Conversation

@OpenSourceSoul
Copy link

@OpenSourceSoul OpenSourceSoul commented Feb 1, 2026

Problem

By default, was set to , which meant sensitive data (tool inputs/outputs, LLM generations) was automatically included in traces without explicit user consent. This violates the security principle of "secure by default" and could lead to:

  • Accidental data leakage of PII, secrets, or confidential information in production traces
  • Compliance violations for organizations with strict data handling requirements
  • Security incidents where developers unknowingly expose sensitive data

Changes

This PR makes the SDK secure-by-default by changing the default value from to :

  1. src/agents/run_config.py: Changed environment variable default from to
  2. src/agents/voice/pipeline_config.py: Changed default from to with improved documentation
  3. tests/test_run_config.py: Updated test expectations to reflect new secure-by-default behavior

Impact

  • Breaking change: Users relying on the old default will need to explicitly opt-in by setting or passing to their config
  • Security improvement: Prevents accidental exposure of sensitive data in production deployments
  • Total diff: ~15 lines changed (well within the 10-100 line limit)

Migration for existing users

Users who want to maintain the previous behavior can:

This change aligns with security best practices and protects users from unintentional data exposure.

fix: change trace_include_sensitive_data default to False for security
58d0721 
By default, trace_include_sensitive_data was set to True, which meant
sensitive data (tool inputs/outputs, LLM generations) was included in
traces without explicit user consent. This is a security risk as it could
lead to accidental data leakage of PII, secrets, or confidential info.

This change makes the SDK secure-by-default:
- Changed OPENAI_AGENTS_TRACE_INCLUDE_SENSITIVE_DATA env default from 'true' to 'false'
- Changed VoicePipelineConfig.trace_include_sensitive_data default from True to False
- Updated tests to reflect new secure-by-default behavior

Users can still opt-in to include sensitive data by:
1. Setting OPENAI_AGENTS_TRACE_INCLUDE_SENSITIVE_DATA=true environment variable
2. Explicitly passing trace_include_sensitive_data=True to RunConfig or VoicePipelineConfig

Security impact: Prevents accidental exposure of sensitive data in production deployments.
@OpenSourceSoul OpenSourceSoul mentioned this pull request Feb 1, 2026
Open
@seratch seratch marked this pull request as draft February 2, 2026 01:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

feature:core feature:voice

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@OpenSourceSoul