KaueReinbold · KaueReinbold · Jan 25, 2026 · Jan 25, 2026 · Jan 25, 2026
diff --git a/src/server/api/dotnet/Reminders.Api/Extensions/DatabaseExtensions.cs b/src/server/api/dotnet/Reminders.Api/Extensions/DatabaseExtensions.cs
@@ -17,9 +17,8 @@
         var maxRetryAttempts = app.Configuration.GetValue<int?>("DatabaseRetry:MaxAttempts") ?? 5;
         var baseSeconds = app.Configuration.GetValue<int?>("DatabaseRetry:BaseSeconds") ?? 2;
 
-        // Redact connection string for logging (never store password in cleartext variables)
-        var configuredConn = app.Configuration.GetConnectionString("DefaultConnection") ?? "(none)";
-        var connPreview = RedactPassword(configuredConn);
+        // Get redacted connection string for logging (password never stored)
+        var connPreview = GetRedactedConnectionString(app.Configuration);
 
         var policy = Policy.Handle<Exception>()
             .WaitAndRetry(maxRetryAttempts, retryAttempt =>
@@ -29,7 +28,7 @@
            }, (exception, timeSpan, retryCount, context) =>
            {
                logger?.LogWarning(exception, "Database connectivity attempt {RetryCount} failed for {ConnectionPreview}. Next retry in {Delay}.", retryCount, connPreview, timeSpan);
            });

        try
        {
@@ -54,11 +53,17 @@
        catch (Exception ex)
        {
            logger?.LogError(ex, "Database connectivity could not be established after {Attempts} attempts to {ConnectionPreview}. Verify the database is running and the connection settings (env/.env). Startup will continue; migrations may fail.", maxRetryAttempts, connPreview);
        }

         return app;
     }
 
+    private static string GetRedactedConnectionString(IConfiguration configuration)
+    {
+        var conn = configuration.GetConnectionString("DefaultConnection");
+        return RedactPassword(conn ?? "(none)");
+    }
+
     private static string RedactPassword(string connectionString)
     {
         if (string.IsNullOrWhiteSpace(connectionString))