diff --git a/interposer/recorder.py b/interposer/recorder.py
index 64c927e..8044aed 100644
--- a/interposer/recorder.py
+++ b/interposer/recorder.py
@@ -102,18 +102,21 @@ def tearDownClass(cls) -> None:
 
         super().tearDownClass()
 
-    def redact(self, secret: str, replacement: str = "*") -> str:
+    def redact(self, secret: str, identifier: str) -> str:
         """
-        Redact a secret in playback mode, and keep track of the secret in
-        recording mode.  This allows tests to use secrets quite normally.
-        Callers just have to remember to run secrets through redact().
+        In recording mode, pass in the secret and a unique identifier that
+        will be present during playback that identifies the secret.  The
+        content in the recording will be redacted using the identifier.
 
-        It is recommended you provide a unique replacment string (it does
-        not need to be the same length as the secret), for each secret
-        to disambiguate them in the same run, especially for secrets of the
-        same length.
+        In playback mode, pass in anything plus the same unique identifier
+        that was present during recording and the redaction will be returned
+        for you to use in place of the secret.  Then your call will align
+        with the recording's call, even though you did not use the same
+        actual secret.
+
+        Each identifier for a secret must be unique.
         """
-        return self.tapedeck.redact(secret, replacement=replacement)
+        return self.tapedeck.redact(secret, identifier)
 
 
 class TapeDeckCallHandler(CallHandler):
diff --git a/tests/recorder_test.py b/tests/recorder_test.py
index f918b52..d3ff54b 100644
--- a/tests/recorder_test.py
+++ b/tests/recorder_test.py
@@ -316,19 +316,18 @@ def test_secrets(self):
         # the secrets get redacted; in playback mode this redacts it immediately
         # so the playback matches the recording
         assert not self.tapedeck._redactions
-        uut = cls(self.redact(self.token, replacement="TOKEN"))
+        uut = cls(self.redact(self.token, "TOKEN"))
         assert self.tapedeck._redactions
-        assert uut.get_token() == self.redact(self.token, replacement="TOKEN")
-        assert self.redact(self.token) == self.token
+        assert uut.get_token() == self.redact(self.token, "TOKEN2")
 
         self.tapedeck.close()  # applies redaction to recording
         self.tapedeck.mode = Mode.Playback
         self.tapedeck.open()
 
         assert not self.tapedeck._redactions
-        uut = cls(self.redact(self.token, replacement="TOKEN"))
-        foo = self.redact(self.token, replacement="TOKEN")
-        assert foo == "TOKENTOKENTOKENTOKENTOKENTOKENTOKENT"
+        uut = cls(self.redact("foo", "TOKEN"))
+        foo = self.redact("foo", "TOKEN")
+        assert foo == "TOKEN_______________________________"
 
         # most importantly, the object initializer argument was redacted
         assert uut.get_token() == foo