# `Relyra.Diagnostic.AllowList`
[🔗](https://github.com/szTheory/relyra/blob/v1.1.0/lib/relyra/diagnostic/allow_list.ex#L1)

Explicit redaction and transformation engine for diagnostic bundle generation.
Ensures that sensitive data (PII, secrets, keys) does not leak when exporting
system state for debugging.

# `export_audit_log`

Exports allowed fields from an AuditEvent struct or map.
Drops `actor` and hashes `correlation_id` to prevent PII leakage.

# `export_certificate_inventory`

Exports a summary of a Certificate.
Includes only fingerprint, not_before, not_after, issuer, role, lifecycle_state.
Explicitly excludes PEM and private keys.

# `export_connection`

Exports allowed fields from a Connection struct or map.
Explicitly drops non-allowed keys (secrets/keys) but keeps ID, entity_id, state.

# `export_metadata_revision`

Exports allowed fields from a MetadataRevision struct or map.

# `hash_correlation_id`

Hashes a given correlation_id to prevent leaking user identifiable correlation strings
across system boundaries.

---

*Consult [api-reference.md](api-reference.md) for complete listing*