Currently log redaction is only caught in code review and in a manual review at the end of each release. One automated way to look for unredacted strings would be to put a canary string like 'XXXXXXXXX' in places that we expect to be redacted and make sure that we don't see it in the logs.