# `DripDrop.Redact`
[🔗](https://github.com/agoodway/dripdrop/blob/v0.1.0/lib/dripdrop/redact.ex#L1)

Redacts secrets from values before they are persisted to audit snapshots.

Two layers run on every value:

  * **String/value pattern match** — strings are matched against the
    configured `:redaction_patterns` regexes (e.g. `Authorization: Bearer X`).

  * **Map-key name match** — when traversing a map, any key whose normalized
    name contains a sensitive token (`api_key`, `secret`, `token`, `password`,
    `authorization`, `bearer`) has its value replaced with `"[REDACTED]"`
    regardless of the value's shape. This catches `{"api_key": "live_..."}`
    that the regex pass would miss because the secret value isn't surrounded
    by the matching context.

# `scrub`

```elixir
@spec scrub(term(), [Regex.t()] | nil) :: term()
```

Scrubs strings, maps, lists, and tuples using configured redaction patterns.

---

*Consult [api-reference.md](api-reference.md) for complete listing*