diff --git a/Cargo.lock b/Cargo.lock
index 66dae55b2..62179570c 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4051,6 +4051,7 @@ dependencies = [
  "rand 0.8.5",
  "rand_core 0.6.4",
  "regex",
+ "safelog",
  "statrs",
  "subtle",
  "thiserror",
diff --git a/crates/tor-proto/Cargo.toml b/crates/tor-proto/Cargo.toml
index d55b19639..349f53a36 100644
--- a/crates/tor-proto/Cargo.toml
+++ b/crates/tor-proto/Cargo.toml
@@ -38,6 +38,7 @@ hmac = "0.12.0"
 pin-project = "1"
 rand = "0.8"
 rand_core = "0.6.2"
+safelog = { path = "../safelog", version = "0.2.0" }
 subtle = "2"
 thiserror = "1"
 tokio-crate = { package = "tokio", version = "1.7", optional = true }
diff --git a/crates/tor-proto/src/channel.rs b/crates/tor-proto/src/channel.rs
index c7b44cca7..b7f38830a 100644
--- a/crates/tor-proto/src/channel.rs
+++ b/crates/tor-proto/src/channel.rs
@@ -71,6 +71,7 @@ use crate::util::err::ChannelClosed;
 use crate::util::ts::OptTimestamp;
 use crate::{circuit, ClockSkew};
 use crate::{Error, Result};
+use safelog::sv;
 use std::pin::Pin;
 use std::sync::{Mutex, MutexGuard};
 use std::time::Duration;
@@ -650,7 +651,8 @@ where
             Some(actual) => {
                 return Err(Error::ChanMismatch(format!(
                     "Identity {} does not match target {}",
-                    actual, desired
+                    sv(actual),
+                    sv(desired)
                 )));
             }
             None => {
diff --git a/crates/tor-proto/src/channel/handshake.rs b/crates/tor-proto/src/channel/handshake.rs
index 0bd9d0bd9..5bb5e836e 100644
--- a/crates/tor-proto/src/channel/handshake.rs
+++ b/crates/tor-proto/src/channel/handshake.rs
@@ -958,7 +958,8 @@ pub(super) mod test {
         .unwrap();
 
         let re = Regex::new(
-            r"Identity .* does not match target ed25519:EBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBA",
+            // identities might be scrubbed by safelog
+            r"Identity .* does not match target .*",
         ).unwrap();
         assert!(re.is_match(&format!("{}", err)));
 
@@ -974,7 +975,8 @@ pub(super) mod test {
         .unwrap();
 
         let re = Regex::new(
-            r"Identity .* does not match target \$9999999999999999999999999999999999999999",
+            // identities might be scrubbed by safelog
+            r"Identity .* does not match target .*",
         )
         .unwrap();
         assert!(re.is_match(&format!("{}", err)));