DEV Community: Hanlin Xiang The latest articles on DEV Community by Hanlin Xiang (@ai-gateway-veteran). https://dev.to/ai-gateway-veteran https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3988994%2F78c4bdc4-22db-4b3f-83ca-994d4b4d8f20.png DEV Community: Hanlin Xiang https://dev.to/ai-gateway-veteran en The #3 Production Killer in Your LiteLLM Setup: Key Cache Invalidation (and How to Fix It) Hanlin Xiang Fri, 19 Jun 2026 14:18:28 +0000 https://dev.to/ai-gateway-veteran/the-3-production-killer-in-your-litellm-setup-key-cache-invalidation-and-how-to-fix-it-5af5 https://dev.to/ai-gateway-veteran/the-3-production-killer-in-your-litellm-setup-key-cache-invalidation-and-how-to-fix-it-5af5 <blockquote> <p>This is the pitfall that cost me 3 hours at 2 AM. If you're running LiteLLM Proxy in production, it will hit you too — usually at the worst possible time.</p> </blockquote> <h2> What Happened </h2> <p>I run LiteLLM Proxy + New API in front of 18 provider channels. One night, I rotated an API key for a provider that had been flagged for unusual spending.</p> <p>Standard procedure:</p> <ol> <li>Generate new key in provider dashboard</li> <li>Update <code>config.yaml</code> with new key</li> <li>Run <code>litellm --config config.yaml --reload</code> </li> </ol> <p>The reload succeeded. No errors. The config showed the new key. I went to sleep.</p> <p><strong>The next morning, the old key was still being used.</strong> Every single request was still authenticating with the rotated-out key. The provider's dashboard showed traffic from both keys — the new one (from config validation) and the old one (from actual API calls).</p> <h2> Why It Happens </h2> <p>LiteLLM caches API keys in-memory for performance. When you <code>--reload</code>, the <strong>config</strong> is reloaded, but the <strong>key store</strong> is not purged. The worker process holds the old keys in a dictionary that persists across config reloads.</p> <p>This means:</p> <ul> <li> <code>config.yaml</code> shows the new key ✅</li> <li> <code>litellm --model_cost_map</code> shows the new key ✅</li> <li>The actual HTTP requests use the old key ❌</li> </ul> <p>You won't notice until the old key expires or is revoked — at which point every request to that provider starts returning <code>401</code>, and your fallback chain kicks in, routing traffic to your most expensive model.</p> <h2> The Fix </h2> <p><strong>Option 1: Purge the cache manually (no downtime)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST http://localhost:4000/cache/purge <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer </span><span class="nv">$LITELLM_MASTER_KEY</span><span class="s2">"</span> </code></pre> </div> <p>This clears the in-memory key cache. The next request will pull the key from the freshly reloaded config.</p> <p><strong>Option 2: Use Redis for shared key state (recommended for multi-worker)</strong></p> <p>Set <code>REDIS_HOST</code> in your environment:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># docker-compose.yml</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">REDIS_HOST=redis://redis:6379</span> <span class="pi">-</span> <span class="s">REDIS_CONNECTION_POOL_SIZE=5</span> </code></pre> </div> <p>With Redis, keys are stored externally. A config reload triggers a Redis key update, and all workers pick it up immediately. No stale keys.</p> <p><strong>Option 3: Restart the worker (downtime: 2-5 seconds)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker restart litellm-proxy </code></pre> </div> <p>Brute force, but guaranteed to work. Use this if you're in a hurry and can afford a brief blip.</p> <h2> How to Detect It Before Users Do </h2> <p>Add this to your monitoring — a simple script that checks whether the key in config matches the key actually being used:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check which key is being used for a specific model</span> curl <span class="nt">-s</span> http://localhost:4000/v1/chat/completions <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer </span><span class="nv">$LITELLM_API_KEY</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{"model": "openai/gpt-4o", "messages": [{"role": "user", "content": "test"}], "max_tokens": 1}'</span> <span class="se">\</span> | jq <span class="s1">'.usage'</span> <span class="c"># Compare with the key in config</span> <span class="nb">grep</span> <span class="s2">"api_key:"</span> config.yaml | <span class="nb">head</span> <span class="nt">-1</span> </code></pre> </div> <p>If the provider's response includes a <code>x-api-key-id</code> header (OpenAI does), you can verify which key was used without guessing.</p> <h2> The Bigger Picture </h2> <p>Key cache invalidation is <strong>Pitfall #3</strong> in my production survival map. There are 4 more deployment pitfalls and 3 hidden cost traps that I documented after 6 months of running this stack:</p> <ol> <li> <strong>503 on every request after adding a provider</strong> — model name mismatch</li> <li> <strong>Costs 3× higher than expected</strong> — fallback chain hits expensive models by default</li> <li> <strong>Keys rotated but old ones still work</strong> ← <em>this one</em> </li> <li> <strong>Streaming responses cut off mid-token</strong> — Nginx/Cloudflare buffering</li> <li> <strong>New API channels show "insufficient quota" with balance &gt; 0</strong> — weight = 0 by default</li> </ol> <p>Each of these took me 1-2 hours to diagnose in production. The full one-page reference card with all 5 pitfalls, 3 cost traps, a failure decision tree, and a pre-launch security checklist is available here:</p> <p><strong>👉 <a href="https://payhip.com/b/S96bB" rel="noopener noreferrer">AI API Gateway Pitfall Map — $9</a></strong></p> <p>It's the page you print and pin next to your monitor — because when your gateway goes down at 2 AM, you won't be reading a 40-page guide.</p> api backend devops llm 5 Pitfalls I Hit Running LiteLLM Proxy in Production (with a 1-page survival map) Hanlin Xiang Wed, 17 Jun 2026 12:09:44 +0000 https://dev.to/ai-gateway-veteran/5-pitfalls-i-hit-running-litellm-proxy-in-production-with-a-1-page-survival-map-4k1h https://dev.to/ai-gateway-veteran/5-pitfalls-i-hit-running-litellm-proxy-in-production-with-a-1-page-survival-map-4k1h <p>I've spent the last 6 months running an 18-channel LLM gateway in production — LiteLLM Proxy backed by Redis and PostgreSQL, routing traffic across OpenAI, Anthropic, Google, DeepSeek, and several smaller providers. What started as a weekend project turned into a 24/7 operation serving multiple AI agents and internal tools.</p> <p>This post covers the 5 pitfalls that hit me hardest, with real error examples and the fixes that worked. If you're running LiteLLM Proxy (or considering it), these are the things I wish someone had told me before I went to production.</p> <h2> Pitfall #1: Silent OOM (Memory Leak + No systemd MemoryMax) </h2> <p>LiteLLM has a known memory leak under high concurrency. Without a hard memory limit, the process will eat all available RAM until the kernel's OOM-killer takes it down — usually at 3 AM.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># The symptom: requests start timing out intermittently # Check dmesg for the kill signal </span><span class="kn">import</span> <span class="n">subprocess</span> <span class="n">result</span> <span class="o">=</span> <span class="n">subprocess</span><span class="p">.</span><span class="nf">run</span><span class="p">([</span><span class="sh">"</span><span class="s">dmesg</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">-T</span><span class="sh">"</span><span class="p">],</span> <span class="n">capture_output</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">text</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">for</span> <span class="n">line</span> <span class="ow">in</span> <span class="n">result</span><span class="p">.</span><span class="n">stdout</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="sh">"</span><span class="se">\n</span><span class="sh">"</span><span class="p">):</span> <span class="k">if</span> <span class="sh">"</span><span class="s">oom</span><span class="sh">"</span> <span class="ow">in</span> <span class="n">line</span><span class="p">.</span><span class="nf">lower</span><span class="p">()</span> <span class="ow">and</span> <span class="sh">"</span><span class="s">litellm</span><span class="sh">"</span> <span class="ow">in</span> <span class="n">line</span><span class="p">.</span><span class="nf">lower</span><span class="p">():</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">FOUND: </span><span class="si">{</span><span class="n">line</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># The fix: systemd unit with MemoryMax # /etc/systemd/system/litellm.service # [Service] # ExecStart=/usr/bin/litellm --config /opt/litellm/config.yaml --port 4000 # MemoryMax=4G # Restart=always # RestartSec=10 </span></code></pre> </div> <p>The fix is simple but easy to miss: set <code>MemoryMax=4G</code> (or whatever your server can spare) in your systemd unit. The proxy will restart cleanly instead of being force-killed.</p> <h2> Pitfall #2: Key Cache Miss (OpenAI 8min Cache vs 24h Cache Key) </h2> <p>This was the single most painful bug I encountered. I rotated a provider API key through the config and ran <code>litellm --reload</code>. The config file updated, but LiteLLM caches keys in-memory. The old key kept getting used for hours.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># What happened: silent 401s that looked like "provider outage" # The config was correct, but the in-memory cache wasn't purged </span> <span class="c1"># WRONG: this only reloads config, not the key store # litellm --reload </span> <span class="c1"># RIGHT: purge the cache explicitly </span><span class="kn">import</span> <span class="n">requests</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sh">"</span><span class="s">http://localhost:4000/cache/purge</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Bearer YOUR_MASTER_KEY</span><span class="sh">"</span><span class="p">}</span> <span class="p">)</span> <span class="c1"># Or just restart the worker entirely # If using REDIS_HOST for shared state, flush that too: # redis-cli -h $REDIS_HOST FLUSHDB </span></code></pre> </div> <p>The key insight: <code>--reload</code> refreshes the config file but does NOT purge the in-memory key cache. You need to either hit <code>/cache/purge</code> or restart the worker. If you're using Redis for shared key state, flush that too.</p> <h2> Pitfall #3: Retry Storm (4xx Retries Cause Rate-Limit Avalanche) </h2> <p>LiteLLM retries <code>num_retries=3</code> by default. A single failed call becomes 3x the token spend. Worse: on 4xx errors (which should NOT be retried), the retry logic can trigger rate-limit cascades.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># The problem: default config retries everything # config.yaml (BAD) # litellm_settings: # num_retries: 3 # This retries even 4xx errors! </span> <span class="c1"># The fix: retry only 5xx, use fallbacks for 4xx # config.yaml (GOOD) </span><span class="n">litellm_settings</span><span class="p">:</span> <span class="n">num_retries</span><span class="p">:</span> <span class="mi">1</span> <span class="n">retry_policy</span><span class="p">:</span> <span class="n">InternalServerError</span><span class="p">:</span> <span class="n">retries</span><span class="p">:</span> <span class="mi">1</span> <span class="n">RateLimitError</span><span class="p">:</span> <span class="n">retries</span><span class="p">:</span> <span class="mi">0</span> <span class="c1"># Don't retry rate limits — use fallbacks instead </span> <span class="n">model_list</span><span class="p">:</span> <span class="o">-</span> <span class="n">model_name</span><span class="p">:</span> <span class="n">gpt</span><span class="o">-</span><span class="mi">4</span><span class="n">o</span> <span class="n">litellm_params</span><span class="p">:</span> <span class="n">model</span><span class="p">:</span> <span class="n">openai</span><span class="o">/</span><span class="n">gpt</span><span class="o">-</span><span class="mi">4</span><span class="n">o</span> <span class="n">fallbacks</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">anthropic/claude-3.5-sonnet</span><span class="sh">"</span><span class="p">]</span> </code></pre> </div> <p>Set <code>num_retries: 1</code> for non-critical paths. Use fallbacks (cheapest-first) instead of retries for cost control. A retry storm on a rate-limited provider can 3x your spend in 5 minutes.</p> <h2> Pitfall #4: Cost Unobserved (Multi-Provider Routing Weights) </h2> <p>When you route across multiple providers, LiteLLM's default <code>fallbacks</code> are sequential — not cost-sorted. One upstream failure can route all traffic to your most expensive model.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># The problem: fallbacks hit the most expensive model first # config.yaml (BAD) </span><span class="n">model_list</span><span class="p">:</span> <span class="o">-</span> <span class="n">model_name</span><span class="p">:</span> <span class="n">gpt</span><span class="o">-</span><span class="mi">4</span><span class="n">o</span> <span class="n">litellm_params</span><span class="p">:</span> <span class="n">model</span><span class="p">:</span> <span class="n">openai</span><span class="o">/</span><span class="n">gpt</span><span class="o">-</span><span class="mi">4</span><span class="n">o</span> <span class="n">fallbacks</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">openai/gpt-4o-mini</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">anthropic/claude-3.5-sonnet</span><span class="sh">"</span><span class="p">]</span> <span class="c1"># If gpt-4o fails, it tries mini (cheap) then sonnet (expensive) </span> <span class="c1"># But if mini also fails, ALL traffic goes to sonnet </span> <span class="c1"># The fix: sort fallbacks cheapest-first + set max_budget per team # config.yaml (GOOD) </span><span class="n">litellm_settings</span><span class="p">:</span> <span class="n">max_budget</span><span class="p">:</span> <span class="mf">100.0</span> <span class="c1"># Daily budget cap in USD </span> <span class="n">budget_duration</span><span class="p">:</span> <span class="sh">"</span><span class="s">1d</span><span class="sh">"</span> <span class="n">model_list</span><span class="p">:</span> <span class="o">-</span> <span class="n">model_name</span><span class="p">:</span> <span class="n">gpt</span><span class="o">-</span><span class="mi">4</span><span class="n">o</span> <span class="n">litellm_params</span><span class="p">:</span> <span class="n">model</span><span class="p">:</span> <span class="n">openai</span><span class="o">/</span><span class="n">gpt</span><span class="o">-</span><span class="mi">4</span><span class="n">o</span> <span class="n">allowed_fails</span><span class="p">:</span> <span class="mi">3</span> <span class="n">fallbacks</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">openai/gpt-4o-mini</span><span class="sh">"</span><span class="p">]</span> <span class="c1"># Only fall back to cheaper models </span></code></pre> </div> <p>Monitor per-provider spend daily. The LiteLLM UI shows cost breakdowns, but only if you've configured <code>master_key</code> and <code>database_url</code> properly.</p> <h2> Pitfall #5: Metric Blindness (Incomplete Prometheus Metrics) </h2> <p>LiteLLM's built-in Prometheus metrics don't cover per-provider latency percentiles or cost attribution. You're flying blind on the most important signals for production operations.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># What LiteLLM exposes by default: # - litellm_requests_total # - litellm_request_duration_seconds (aggregate, not per-provider) # - litellm_spend_total (only if database is configured) </span> <span class="c1"># What's MISSING: # - Per-provider P95/P99 latency # - Per-provider error rate # - Per-team cost breakdown # - Cache hit/miss ratio </span> <span class="c1"># The fix: add a custom middleware to emit per-provider metrics </span><span class="kn">from</span> <span class="n">litellm.integrations.custom_logger</span> <span class="kn">import</span> <span class="n">CustomLogger</span> <span class="kn">import</span> <span class="n">prometheus_client</span> <span class="k">as</span> <span class="n">prom</span> <span class="n">provider_latency</span> <span class="o">=</span> <span class="n">prom</span><span class="p">.</span><span class="nc">Histogram</span><span class="p">(</span> <span class="sh">'</span><span class="s">litellm_provider_latency_seconds</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Latency by provider</span><span class="sh">'</span><span class="p">,</span> <span class="p">[</span><span class="sh">'</span><span class="s">provider</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">model</span><span class="sh">'</span><span class="p">]</span> <span class="p">)</span> <span class="k">class</span> <span class="nc">PerProviderMetrics</span><span class="p">(</span><span class="n">CustomLogger</span><span class="p">):</span> <span class="k">def</span> <span class="nf">log_success_event</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">kwargs</span><span class="p">,</span> <span class="n">response_obj</span><span class="p">,</span> <span class="n">start_time</span><span class="p">,</span> <span class="n">end_time</span><span class="p">):</span> <span class="n">provider</span> <span class="o">=</span> <span class="n">kwargs</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">litellm_params</span><span class="sh">"</span><span class="p">,</span> <span class="p">{}).</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">custom_llm_provider</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">unknown</span><span class="sh">"</span><span class="p">)</span> <span class="n">model</span> <span class="o">=</span> <span class="n">kwargs</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">litellm_params</span><span class="sh">"</span><span class="p">,</span> <span class="p">{}).</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">model</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">unknown</span><span class="sh">"</span><span class="p">)</span> <span class="n">latency</span> <span class="o">=</span> <span class="p">(</span><span class="n">end_time</span> <span class="o">-</span> <span class="n">start_time</span><span class="p">).</span><span class="nf">total_seconds</span><span class="p">()</span> <span class="n">provider_latency</span><span class="p">.</span><span class="nf">labels</span><span class="p">(</span><span class="n">provider</span><span class="o">=</span><span class="n">provider</span><span class="p">,</span> <span class="n">model</span><span class="o">=</span><span class="n">model</span><span class="p">).</span><span class="nf">observe</span><span class="p">(</span><span class="n">latency</span><span class="p">)</span> </code></pre> </div> <p>Without per-provider metrics, you can't tell if DeepSeek is slow today or if OpenAI is throttling you. Add a custom logger to fill the gap.</p> <h2> The Solution: A 1-Page Survival Map </h2> <p>After hitting all 5 of these pitfalls in production (and losing too many weekends to debugging), I compiled everything into a single-page survival map. It covers:</p> <ul> <li>All 5 deployment pitfalls with symptoms, root causes, and fixes</li> <li>3 hidden cost traps (retry amplification, embedding tax, idle-connection keep-alive)</li> <li>A failure decision tree for any error code you'll see</li> <li>A pre-launch security checklist</li> <li>Copy-paste diagnostic commands</li> </ul> <p>The full map is available here: <a href="https://payhip.com/b/S96bB" rel="noopener noreferrer">https://payhip.com/b/S96bB</a></p> <p>It's $9, no email signup, no affiliate. Just the thing I wish I had when I started.</p> <p>Have you hit any of these pitfalls? Or did I miss something that's bitten you? Drop a comment — I'll be responding to everyone. You can find me at <a class="mentioned-user" href="https://dev.to/ai-gateway-veteran">@ai-gateway-veteran</a> on Reddit and X.</p> python litellm devops ai