diff --git a/src/server/api/dotnet/Reminders.Api/Extensions/DatabaseExtensions.cs b/src/server/api/dotnet/Reminders.Api/Extensions/DatabaseExtensions.cs
index 6b81ce6..c0ffdd7 100644
--- a/src/server/api/dotnet/Reminders.Api/Extensions/DatabaseExtensions.cs
+++ b/src/server/api/dotnet/Reminders.Api/Extensions/DatabaseExtensions.cs
@@ -17,9 +17,8 @@ public static WebApplication EnsureDatabaseAvailable(this WebApplication app)
         var maxRetryAttempts = app.Configuration.GetValue<int?>("DatabaseRetry:MaxAttempts") ?? 5;
         var baseSeconds = app.Configuration.GetValue<int?>("DatabaseRetry:BaseSeconds") ?? 2;
 
-        // Redact connection string for logging (never store password in cleartext variables)
-        var configuredConn = app.Configuration.GetConnectionString("DefaultConnection") ?? "(none)";
-        var connPreview = RedactPassword(configuredConn);
+        // Get redacted connection string for logging (password never stored)
+        var connPreview = GetRedactedConnectionString(app.Configuration);
 
         var policy = Policy.Handle<Exception>()
             .WaitAndRetry(maxRetryAttempts, retryAttempt =>
@@ -59,6 +58,12 @@ public static WebApplication EnsureDatabaseAvailable(this WebApplication app)
         return app;
     }
 
+    private static string GetRedactedConnectionString(IConfiguration configuration)
+    {
+        var conn = configuration.GetConnectionString("DefaultConnection");
+        return RedactPassword(conn ?? "(none)");
+    }
+
     private static string RedactPassword(string connectionString)
     {
         if (string.IsNullOrWhiteSpace(connectionString))