Security Policy

Security is a top priority for the LiteLLM Operator project. We appreciate your help in responsibly disclosing any security vulnerabilities.

Reporting Security Vulnerabilities

Please see our Security Policy for complete information on:

  • How to report vulnerabilities
  • Our response process
  • Supported versions

Quick Reference

⚠️ DO NOT open public issues for security vulnerabilities.

✅ DO email security issues to security@yourdomain.com

Security Best Practices

When using the LiteLLM Operator:

1. Secure Your Virtual Keys

  • Rotate virtual keys regularly
  • Use appropriate budget limits
  • Monitor key usage

2. RBAC Configuration

  • Follow the principle of least privilege
  • Review and audit permissions regularly
  • Use namespaces to isolate resources

3. Network Security

  • Use network policies to restrict traffic
  • Enable TLS for all communications
  • Secure your LiteLLM endpoint

4. Monitoring

  • Enable audit logging
  • Monitor operator logs
  • Set up alerts for unusual activity

Response Timeline

  • Initial response: Within 24 hours
  • Status update: Within 72 hours
  • Resolution: Varies by severity

Thank you for helping keep our community safe!