> ## Documentation Index
> Fetch the complete documentation index at: https://apie.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Redact secrets

> Strip API keys, tokens, and sensitive fields from telemetry before it leaves your process.

Your agent handles API keys, passwords, and tokens. You need telemetry to reach Ratri without leaking secrets in event payloads.

## Default redacted keys

The SDK redacts these keys by default:

`apiKey`, `api_key`, `password`, `token`, `secret`, `authorization`, `access_token`, `refresh_token`, `private_key`, `client_secret`

## Configure redaction

<CodeGroup>
  ```ts TypeScript theme={null}
  const ratri = new Ratri({
    agent: { key: "my-agent", name: "My Agent" },
    redactKeys: ["ssn", "credit_card"],
    redactDenyPatterns: ["/password/i", "/secret/i"],
    redactAllowPaths: ["metadata.safe_field"],
    maxEventPayloadBytes: 64_000,
  });
  ```

  ```python Python theme={null}
  ratri = Ratri.create({
      "agent": {"key": "my-agent", "name": "My Agent"},
      "redact_keys": ["ssn", "credit_card"],
      "redact_deny_patterns": [r"/password/i", r"/secret/i"],
      "redact_allow_paths": ["metadata.safe_field"],
      "max_event_payload_bytes": 64000,
  })
  ```
</CodeGroup>

| Setting                | Effect                                       |
| ---------------------- | -------------------------------------------- |
| `redactKeys`           | Additional keys to replace with `[REDACTED]` |
| `redactDenyPatterns`   | Regex patterns for key names to redact       |
| `redactAllowPaths`     | Dot-paths to never redact                    |
| `maxEventPayloadBytes` | Truncate oversized payloads                  |

## Custom redaction function

<CodeGroup>
  ```ts TypeScript theme={null}
  redact: (event) => {
    const copy = { ...event };
    if (copy.payloadSummary?.email) {
      copy.payloadSummary = { ...copy.payloadSummary, email: "[REDACTED]" };
    }
    return copy;
  },
  ```

  ```python Python theme={null}
  def redact_event(event):
      copy = dict(event)
      if copy.get("payloadSummary", {}).get("email"):
          copy["payloadSummary"] = {**copy["payloadSummary"], "email": "[REDACTED]"}
      return copy

  ratri = Ratri.create({"redact": redact_event, "agent": {...}})
  ```
</CodeGroup>

## MCP proxy redaction

In `ratri.mcp.json`:

```json theme={null}
{
  "redactKeys": ["token", "password", "secret"]
}
```

## Standalone redaction

<CodeGroup>
  ```ts TypeScript theme={null}
  import { redactEvent } from "@ratri-sh/sdk";
  const safe = redactEvent(event, { redactKeys: ["token"] });
  ```

  ```python Python theme={null}
  from ratri import redact_event
  safe = redact_event(event, redact_keys=["token"])
  ```
</CodeGroup>

## Next steps

<CardGroup cols={2}>
  <Card title="Reliable telemetry" icon="database" href="/production/reliable-telemetry">
    Queue and shutdown.
  </Card>

  <Card title="Configuration reference" icon="gear" href="/reference/configuration">
    All config fields.
  </Card>
</CardGroup>
