DebugSanitizationPlugin
Moves sensitive-data redaction out of the core into an explicit plugin. With it, `debug: true` is safe to enable in staging and CI environments without risking credential leaks in shipped log pipelines.
Install
```typescript
import { createDebugSanitizationPlugin } from 'axios-retryer/plugins/DebugSanitizationPlugin';
```
Basic usage
```typescript
import { createRetryer } from 'axios-retryer';
import { createDebugSanitizationPlugin } from 'axios-retryer/plugins/DebugSanitizationPlugin';

const retryer = createRetryer({ debug: true }).use(
  createDebugSanitizationPlugin({
    sanitizeOptions: {
      sensitiveHeaders: ['Authorization', 'X-API-Key', 'Session-Token'],
      sensitiveFields: ['password', 'creditCard', 'ssn', 'token'],
      sensitiveParams: ['api_key', 'secret'],
      redactionChar: '█',          // Character used to replace sensitive values
      sanitizeRequestData: true,   // Redact request body in logs
      sanitizeResponseData: false, // Keep response body in logs (opt-in)
      sanitizeUrlParams: true,     // Redact URL query params
    },
  }),
);
```
All options
```typescript
{
  sanitizeOptions: {
    sensitiveHeaders: string[];    // Header names to redact (case-insensitive)
    sensitiveFields: string[];     // Body field names to redact (nested paths supported)
    sensitiveParams: string[];     // URL query param names to redact
    redactionChar: string;         // Character to replace values (default: '*')
    sanitizeRequestData: boolean;  // Sanitize request bodies in logs (default: true)
    sanitizeResponseData: boolean; // Sanitize response bodies in logs (default: false)
    sanitizeUrlParams: boolean;    // Sanitize URL query params (default: true)
  }
}
```
What gets redacted
The plugin intercepts the library's internal log calls and replaces sensitive values before they reach your logger:
| Field | Example before | Example after |
|---|---|---|
| Authorization header | Bearer eyJhbG... | [REDACTED] |
| Request body field | {"password":"hunter2"} | {"password":"[REDACTED]"} |
| URL param | ?api_key=sk-abc123 | ?api_key=[REDACTED] |
Important caveat
Logging safeguard only
This plugin only protects plugin-managed debug logs. It does not redact data stored in `ManualRetryPlugin`'s request store, cached responses in `CachingPlugin`, or objects passed to your own event handlers. Use `prepareRequestForStore` and avoid caching auth-scoped endpoints for in-memory safety.
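
Because objects passed to your own event handlers are outside the plugin's reach, a handler that logs them needs its own redaction step. The following is an added example, not code from axios-retryer: `redactForLog`, `redactBody` and `redactUrl` are hypothetical helpers that apply the same three categories (headers, body fields, URL params) to an axios-style request config, and exact-match field and param names are an assumption.

```javascript
// Hypothetical helper for your own event handlers; not part of axios-retryer.
const MASK = '[REDACTED]';
const HEADERS = new Set(['authorization', 'x-api-key', 'session-token']); // lower-cased
const FIELDS = new Set(['password', 'creditCard', 'ssn', 'token']);       // exact match (assumption)
const PARAMS = new Set(['api_key', 'secret']);                            // exact match (assumption)

// Copy a body, masking sensitive keys at any depth; cycles are cut, not followed.
function redactBody(value, path = new Set()) {
  if (value === null || typeof value !== 'object') return value;
  if (path.has(value)) return '[Circular]';
  path.add(value);
  const out = Array.isArray(value)
    ? value.map((v) => redactBody(v, path))
    : Object.fromEntries(Object.entries(value).map(
        ([k, v]) => [k, FIELDS.has(k) ? MASK : redactBody(v, path)]));
  path.delete(value);
  return out;
}

// Mask sensitive query parameters; a fragment after a masked value is dropped with it.
function redactUrl(url) {
  const q = url.indexOf('?');
  if (q === -1) return url;
  const masked = url.slice(q + 1).split('&').map((pair) => {
    const raw = pair.split('=')[0];
    let name = raw;
    try { name = decodeURIComponent(raw); } catch { /* malformed escape: keep raw name */ }
    return PARAMS.has(name) ? `${raw}=${MASK}` : pair;
  });
  return url.slice(0, q + 1) + masked.join('&');
}

// Return a log-safe copy of an axios-style request config; the input is not mutated.
function redactForLog(config) {
  const headers = Object.fromEntries(Object.entries(config.headers || {}).map(
    ([name, v]) => [name, HEADERS.has(name.toLowerCase()) ? MASK : v]));
  let data = config.data;
  if (typeof data === 'string') {
    // Fail closed: a string body that is not JSON is dropped rather than logged raw.
    try { data = JSON.parse(data); } catch { data = '[unparsed body omitted]'; }
  }
  return { method: config.method, url: redactUrl(config.url || ''), headers, data: redactBody(data) };
}

const sample = { // constructed sample request, as a handler might receive it
  method: 'post', url: '/login?api_key=sk-abc123&page=2',
  headers: { Authorization: 'Bearer eyJhbG...', Accept: 'application/json' },
  data: { user: { name: 'alice', password: 'hunter2' } },
};
```

Log `redactForLog(sample)` instead of `sample`; the original object is left untouched, so retries still send the real credentials.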