pyisyox.redactor module¶

Log redactor for sensitive fields in eisy responses.

The POST /api/login response leaks the PG3 MQTT TLS keypair under data.ssl (verified in HAR captures, 2026-05-06). Access and refresh tokens are also sensitive. Apply redact_sensitive() to any debug-level dump of a JSON response body before logging.

Redactor walks the payload recursively so nested envelopes ({"successful": true, "data": {...}}) are still scrubbed.

SENSITIVE_KEYS: frozenset[str]¶: Keys whose values are replaced with <redacted> regardless of their position in the payload tree.

redact_sensitive(payload, *, sensitive_keys=frozenset({'Authorization', 'Cookie', 'Set-Cookie', 'accessToken', 'authorization', 'clientToken', 'cookie', 'password', 'refreshToken', 'setCookie', 'ssl', 'token'}))[source]¶

Return a deep copy of payload with sensitive values replaced.

Walks dicts and lists recursively. Non-container values pass through unchanged. The original payload is not mutated.

Parameters:

payload (Any) – A JSON-shaped value (dict, list, or primitive). Most commonly a dict from an aiohttp response body.
sensitive_keys (frozenset[str]) – Override the default set of keys to redact. Use for tests or for redacting additional auth-domain keys.

Returns:

A deep copy with sensitive values replaced by REDACTED.

Return type:

Any