When upgrading Req (https://diff.hex.pm/diff/req/0.4.14..0.5.1), I noticed v0.5.0 changed how the authorization header is redacted, from [redacted] to foo*****, giving out both the first 3 characters and the length of the original value.

Is there a suggested way to bring back the old behavior on "user land"? I have no use for the new behavior and would rather avoid accidentally exposing secrets.

Thanks!

There is no way to bring back the old behaviour at the moment. I'll consider reverting or making this configurable.