Debug logs are sharing (at least) Gemini API keys #334

Open
6 tasks done
Chaoscontrol opened this issue May 7, 2025 · 2 comments
Labels
bug Something isn't working

Chaoscontrol commented May 7, 2025

Checklist

  • I'm running the newest version of LLM Vision https://github.com/valentinfrlch/ha-llmvision/releases/latest
  • I have enabled debug logging for the integration.
  • I have filled out the issue template to the best of my ability.
  • This issue only contains 1 issue (if you have multiple issues, open one issue for each issue).
  • This is a bug and not a feature request.
  • I have searched open issues for my problem.

Describe the issue

I created this issue sharing my debug logs, and I instantly got a notification from Google about my keys being disclosed in that exact URL. Which was my own doing, inadvertently.

I'm not certain the key is the one I redacted in the logs attached, but I think so.

Reproduction steps

  1. Check debug logs with Gemini as provider. It has the API key attached to some messages.

Debug logs

2025-05-07 19:30:24.549 INFO (MainThread) [custom_components.llmvision.providers] Posting to https://generativelanguage.googleapis.com/v1beta/models/gemini-2.0-flash:generateContent?key=redacted
2025-05-07 19:30:26.094 INFO (MainThread) [custom_components.llmvision.providers] Posting to https://generativelanguage.googleapis.com/v1beta/models/gemini-2.0-flash:generateContent?key=redacted

Chaoscontrol added the bug label May 7, 2025

valentinfrlch (Owner) commented

Yes, you are right, this shouldn't happen. The keys should be censored. Unfortunately, Google for some reason requires the key in the URL (every other provider uses Bearer authentication). Only Gemini is affected.

Chaoscontrol (Author) commented

Yeah, I can understand that. However, something could be added to the log message with a regex replace to redact the key automatically for the logs. I think that's what other services do with their logs.
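
The regex redaction suggested in the thread, sketched as a Python `logging.Filter`. This is an added example, not part of either comment and not LLM Vision's own code. The logger name `redaction_demo`, the extra parameter names `api_key` and `access_token`, the `&alt=json` suffix and the key value are constructed for illustration.

```python
import logging
import re

# "key" is the parameter seen in the issue's log lines; the other names are
# assumed additions for illustration.
SENSITIVE_PARAMS = ("key", "api_key", "access_token")
_SECRET_QS = re.compile(
    r"(?i)([?&](?:%s)=)[^&#\s'\"]+" % "|".join(map(re.escape, SENSITIVE_PARAMS))
)


def redact(text: str) -> str:
    """Replace the value of each sensitive query parameter with a marker."""
    return _SECRET_QS.sub(r"\1<redacted>", text)


class RedactSecretsFilter(logging.Filter):
    """Scrub secrets from a record before a handler formats it."""

    def filter(self, record: logging.LogRecord) -> bool:
        # Render msg % args first so a URL passed as a lazy %s argument is
        # scrubbed as well as one already interpolated into the message.
        record.msg = redact(record.getMessage())
        record.args = None
        return True  # rewrite the record, never drop it


class _ListHandler(logging.Handler):
    def __init__(self) -> None:
        super().__init__()
        self.lines: list[str] = []  # formatted output kept in memory

    def emit(self, record: logging.LogRecord) -> None:
        self.lines.append(self.format(record))


def demo() -> list[str]:
    """Log the issue's message shape with a constructed key and return the output."""
    handler = _ListHandler()
    handler.addFilter(RedactSecretsFilter())  # runs for every record this handler sees
    logger = logging.getLogger("redaction_demo")  # hypothetical logger name
    logger.setLevel(logging.INFO)
    logger.propagate = False
    logger.addHandler(handler)
    url = ("https://generativelanguage.googleapis.com/v1beta/models/"
           "gemini-2.0-flash:generateContent?key=CONSTRUCTED-NOT-A-REAL-KEY")
    logger.info("Posting to %s", url)          # lazy %-style argument
    logger.info(f"Posting to {url}&alt=json")  # pre-formatted string
    return handler.lines
```

A filter added to a logger does not run for records propagated from its child loggers, which is why the example attaches it to the handler.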
