Add regression test asserting Settings debug output excludes secret values #476

@ChristianPavilonis

Context

PR #468 introduced Redacted<T> to wrap secret fields in Settings so they print [REDACTED] in debug/display output. However, there is no test that enforces this across all secret-bearing fields. If a future field is added without wrapping in Redacted<T>, there is no safety net to catch the leak.

Proposal

Add a test that:

  1. Constructs a Settings instance with known secret values (e.g. "CANARY_SECRET")
  2. Formats it with format!("{:?}", settings)
  3. Asserts the output does not contain the canary strings
  4. Asserts the output does contain [REDACTED]

This ensures any future secret field that forgets Redacted<T> is caught at test time.
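
One way the proposed test could look, as an added example that is not code from the repository or from PR #468. The `Redacted<T>` stand-in, the `Settings` field names, the `LeakySettings` counterexample and the per-field canary strings are all assumptions made for illustration; the example goes slightly beyond the proposal by checking both `{:?}` and `{:#?}` output and by using a distinct canary per field so a failure names the leaking field.

```rust
use std::fmt;

// Hypothetical stand-in for the Redacted<T> wrapper from PR #468.
pub struct Redacted<T>(pub T);

impl<T> fmt::Debug for Redacted<T> {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("[REDACTED]")
    }
}

// Hypothetical Settings; the real struct's fields are not shown in the issue.
#[derive(Debug)]
pub struct Settings {
    pub endpoint: String,
    pub api_key: Redacted<String>,
    pub signing_secret: Redacted<String>,
}

// Same shape with one secret left unwrapped: the regression the test must catch.
#[derive(Debug)]
pub struct LeakySettings {
    pub endpoint: String,
    pub api_key: Redacted<String>,
    pub signing_secret: String,
}

// Constructed canaries, one per secret field, so a failure names the field.
pub const CANARIES: [&str; 2] = ["CANARY_SECRET_API_KEY", "CANARY_SECRET_SIGNING"];

/// Returns every canary found in the compact or pretty Debug output of `value`.
pub fn leaked_canaries<T: fmt::Debug>(value: &T) -> Vec<&'static str> {
    let out = format!("{:?}\n{:#?}", value, value);
    CANARIES.iter().copied().filter(|c| out.contains(*c)).collect()
}

pub fn wrapped() -> Settings {
    Settings { endpoint: "https://example.invalid".into(),
        api_key: Redacted(CANARIES[0].into()), signing_secret: Redacted(CANARIES[1].into()) }
}
pub fn leaky() -> LeakySettings {
    LeakySettings { endpoint: "https://example.invalid".into(),
        api_key: Redacted(CANARIES[0].into()), signing_secret: CANARIES[1].into() }
}

fn main() {
    println!("{:?}", wrapped());
    println!("leaked: {:?}", leaked_canaries(&leaky()));
}
```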
