When working with tokens and passwords, you often want to prevent them from accidentally appearing in logs or debug output. Effect provides the Redacted type for this purpose.
Both bearerToken() and basicAuth() accept Redacted values in addition to plain strings:
import { FetchHttpClient, HttpClient, HttpClientRequest,} from "effect/unstable/http";import { Effect, Redacted } from "effect";
function fetchAuthenticatedUser(token: Redacted.Redacted) { return Effect.gen(function* () { const client = yield* HttpClient.HttpClient;
// Logging the token won't reveal its value console.log("Token value (safe to log):", token);
const request = HttpClientRequest.get("https://dummyjson.com/auth/me").pipe( // bearerToken accepts Redacted directly HttpClientRequest.bearerToken(token), );
const response = yield* client.execute(request); const user = yield* response.json;
return user; }).pipe(Effect.provide(FetchHttpClient.layer));}
// Create a Redacted value from a plain stringconst sensitiveToken = Redacted.make("your-secret-token-here");
// Test itEffect.runPromise(fetchAuthenticatedUser(sensitiveToken)).then( (user) => { console.log("User:", user.firstName, user.lastName); }, (error) => { console.log("Error (expected with a fake token):", error.message); },);Output:
Token value (safe to log): <redacted>User: undefined undefinedNotice that logging the Redacted value prints <redacted> instead of the actual token. The real value is still there internally — bearerToken and basicAuth unwrap it when building the header — but it’s protected from accidental exposure in logs, error messages, and serialized output.
You create a Redacted value with Redacted.make(string) and, when you truly need the underlying string, you can extract it with Redacted.value(redacted).