Skip to main content
QStash messages can contain private data that you don’t want visible in the Upstash Console, or API responses. QStash allows you to redact specific fields so they appear as REDACTED:<SHA256> in the dashboard and API. The original values are still used when delivering messages to your endpoint. The SHA256 hash lets you verify the two data without revealing the original data. To redact a field, pass the redact option when publishing a message. Available options:
Redaction is one-way. Once a field is redacted, the original value cannot be retrieved from the API or dashboard.

Logs of a message with body and header[My-Secret-Header] redacted

Redaction is configured per message, so you can redact different fields for different messages. If a message fails and moves to the DLQ, the redacted fields remain redacted in the DLQ. However, when you retry a DLQ message, QStash delivers the original values to your endpoint.

Schedules

You can also redact fields in schedules. Pass the redact option when creating a schedule, and all messages produced by that schedule will have the specified fields redacted. Schedule get and list endpoints also apply redaction, so private data won’t appear in API responses or the dashboard.

Schedule with body and header[My-Secret-Header] redacted

When updating a redacted schedule via the dashboard or API, you must provide the original values for the redacted fields.If you don’t provide the original values, the redacted fields will be saved as REDACTED:<SHA256> — which is the hash value visible in the dashboard, not the original data.