sphinx-doc · joshuaswanson · Apr 2, 2026 · Apr 6, 2026 · Apr 6, 2026 · Apr 6, 2026
diff --git a/sphinx/ext/intersphinx/_load.py b/sphinx/ext/intersphinx/_load.py
@@ -399,17 +399,18 @@ def _fetch_inventory_url(
             raw_data = r.content
             new_inv_location = r.url
     except Exception as err:
+        safe_url = _get_safe_url(inv_location)
         err.args = (
             'intersphinx inventory %r not fetchable due to %s: %s',
-            inv_location,
+            safe_url,
             err.__class__,
-            str(err),
+            str(err).replace(inv_location, safe_url),
         )
         raise
 
     if inv_location != new_inv_location:
         msg = __('intersphinx inventory has moved: %s -> %s')
-        LOGGER.info(msg, inv_location, new_inv_location)
+        LOGGER.info(msg, _get_safe_url(inv_location), _get_safe_url(new_inv_location))
 
         if target_uri in {
             inv_location,

diff --git a/tests/test_ext_intersphinx/test_ext_intersphinx.py b/tests/test_ext_intersphinx/test_ext_intersphinx.py
@@ -666,6 +666,62 @@ def test_getsafeurl_unauthed() -> None:
     assert actual == expected
 
 
+def test_fetch_inventory_url_error_hides_credentials(capsys):
+    """Credentials should not appear in error messages on fetch failure."""
+
+    class ErrorHandler(http.server.BaseHTTPRequestHandler):
+        def do_GET(self):
+            self.send_error(500, 'Internal Server Error')
+
+        def log_message(*args, **kwargs):
+            pass
+
+    with http_server(ErrorHandler) as server:
+        url = f'http://user:secret@localhost:{server.server_port}/{INVENTORY_FILENAME}'
+        inspect_main([url])
+
+    _, stderr = capsys.readouterr()
+    assert 'secret' not in stderr
+    assert 'user@localhost' in stderr
+
+
+@pytest.mark.sphinx('html', testroot='root')
+def test_fetch_inventory_redirect_hides_credentials(app):
+    """Credentials should not appear in redirect log messages."""
+
+    class RedirectHandler(http.server.BaseHTTPRequestHandler):
+        def do_GET(self):
+            if '/new/' not in self.path:
+                self.send_response(302)
+                new_url = f'http://localhost:{self.server.server_port}/new/{INVENTORY_FILENAME}'
+                self.send_header('Location', new_url)
+                self.end_headers()
+            else:
+                self.send_response(200, 'OK')
+                self.end_headers()
+                self.wfile.write(INVENTORY_V2)
+
+        def log_message(*args, **kwargs):
+            pass
+
+    intersphinx_setup(app)
+
+    with http_server(RedirectHandler) as server:
+        port = server.server_port
+        inv_location = f'http://user:secret@localhost:{port}/{INVENTORY_FILENAME}'
+        _fetch_inventory_data(
+            target_uri=f'http://localhost:{port}/',
+            inv_location=inv_location,
+            config=_InvConfig.from_config(app.config),
+            srcdir=app.srcdir,
+            cache_path=None,
+        )
+
+    status_output = app.status.getvalue()
+    assert 'secret' not in status_output
+    assert 'user@localhost' in status_output
+
+
 def test_inspect_main_noargs(capsys):
     """inspect_main interface, without arguments"""
     assert inspect_main([]) == 1