Skip to main content

Redaction Rules

Source file: examples/redaction_rules.hen

What It Demonstrates

  • redact_header
  • redact_capture
  • redact_body
  • combining explicit redaction with secret-derived values

Key Pattern

$ API_TOKEN = secret.file("./secrets/demo_client_id.txt")

redact_header = X-Session-Token
redact_capture = SESSION_ID
redact_body = body.session.accessToken

Run It

hen verify ./examples/redaction_rules.hen
hen run ./examples/redaction_rules.hen all --non-interactive

What To Notice

  • Hen already masks common sensitive headers such as Authorization.
  • redact_capture keeps exported values masked when they appear in later requests.
  • redact_body lets you hide sensitive response fields even when you do not export them.

Related reference: Secrets and redaction