diff --git a/keyserver/src/utils/validation-utils.js b/keyserver/src/utils/validation-utils.js
--- a/keyserver/src/utils/validation-utils.js
+++ b/keyserver/src/utils/validation-utils.js
@@ -61,7 +61,7 @@
 
 const redactedString = '********';
 const redactedTypes = [tPassword, tCookie];
-function sanitizeInput(inputValidator: *, input: *) {
+function sanitizeInput(inputValidator: any, input: any): any {
   if (!inputValidator) {
     return input;
   }
@@ -182,6 +182,9 @@
 export {
   validateInput,
   checkInputValidator,
+  redactedString,
+  sanitizeInput,
+  findFirstInputMatchingValidator,
   checkClientSupported,
   policiesValidator,
 };
diff --git a/keyserver/src/utils/validation-utils.test.js b/keyserver/src/utils/validation-utils.test.js
new file mode 100644
--- /dev/null
+++ b/keyserver/src/utils/validation-utils.test.js
@@ -0,0 +1,27 @@
+// @flow
+
+import t from 'tcomb';
+
+import { tPassword, tShape } from 'lib/utils/validation-utils.js';
+
+import { sanitizeInput, redactedString } from './validation-utils.js';
+
+describe('sanitization', () => {
+  it('should redact a string', () => {
+    expect(sanitizeInput(tPassword, 'password')).toStrictEqual(redactedString);
+  });
+
+  it('should redact a string inside an object', () => {
+    const validator = tShape({ password: tPassword });
+    const object = { password: 'password' };
+    const redacted = { password: redactedString };
+    expect(sanitizeInput(validator, object)).toStrictEqual(redacted);
+  });
+
+  it('should redact an optional string', () => {
+    const validator = tShape({ password: t.maybe(tPassword) });
+    const object = { password: 'password' };
+    const redacted = { password: redactedString };
+    expect(sanitizeInput(validator, object)).toStrictEqual(redacted);
+  });
+});