diff --git a/.rubocop.yml b/.rubocop.yml index c82c4e53985..ace54443b13 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -36,6 +36,7 @@ Metrics/BlockLength: Max: 25 ExcludedMethods: - 'Struct.new' + - 'RedactedStruct.new' Exclude: - 'Rakefile' - '**/*.rake' diff --git a/Gemfile b/Gemfile index a09f4f2f93e..d0bafec9934 100644 --- a/Gemfile +++ b/Gemfile @@ -23,7 +23,7 @@ gem 'faraday' gem 'foundation_emails' gem 'hiredis' gem 'http_accept_language' -gem 'identity-doc-auth', github: '18F/identity-doc-auth', tag: 'v0.4.1' +gem 'identity-doc-auth', github: '18F/identity-doc-auth', branch: 'v0.5.0' gem 'identity-hostdata', github: '18F/identity-hostdata', tag: 'v2.0.0' gem 'identity-logging', github: '18F/identity-logging', tag: 'v0.1.0' require File.join(__dir__, 'lib', 'lambda_jobs', 'git_ref.rb') @@ -49,6 +49,7 @@ gem 'rack-timeout', require: false gem 'raise-if-root' gem 'readthis' gem 'recaptcha', require: 'recaptcha/rails' +gem 'redacted_struct' gem 'redis-session-store', '>= 0.11.3' gem 'rotp', '~> 6.1' gem 'rqrcode' @@ -123,6 +124,6 @@ group :test do end group :production do - gem 'aamva', github: '18F/identity-aamva-api-client-gem', tag: 'v4.1.0' - gem 'lexisnexis', github: '18F/identity-lexisnexis-api-client-gem', tag: 'v3.1.1' + gem 'aamva', github: '18F/identity-aamva-api-client-gem', tag: 'v4.2.0' + gem 'lexisnexis', github: '18F/identity-lexisnexis-api-client-gem', tag: 'v3.2.0' end diff --git a/Gemfile.lock b/Gemfile.lock index 0b7deaee845..906fdaa5b77 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
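Review bot: The identity-doc-auth line in the first Gemfile hunk moves from `tag: 'v0.4.1'` to `branch: 'v0.5.0'`, so this dependency now follows a mutable ref while the other 18F gems visible in the diff (identity-hostdata, identity-logging, aamva, lexisnexis) stay pinned to tags. Gemfile.lock records revision 6e1c9aa766c51fd34064fb91f1289b7edb5735d1, but a later `bundle update identity-doc-auth` will take whatever is at the head of that branch, with no Gemfile change for a reviewer to see. Once v0.5.0 is tagged upstream, prefer `gem 'identity-doc-auth', github: '18F/identity-doc-auth', tag: 'v0.5.0'`. Until then, `ref: '6e1c9aa766c51fd34064fb91f1289b7edb5735d1'` pins the same code immutably.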
@@ -1,23 +1,25 @@ GIT remote: https://github.com/18F/identity-aamva-api-client-gem.git - revision: c7141277eabf96b011771e6ce5a1169b874cc905 - tag: v4.1.0 + revision: da308c1568d7f8f3d8aa41d0e2c0b42ad47dfccd + tag: v4.2.0 specs: - aamva (4.1.0) + aamva (4.2.0) faraday hashie proofer (>= 2.7.1) + redacted_struct (>= 1.0.0) retries xmldsig GIT remote: https://github.com/18F/identity-doc-auth.git - revision: 3b2c5997a62d7bf5f6114a55d41180f4bd1ae18e - tag: v0.4.1 + revision: 6e1c9aa766c51fd34064fb91f1289b7edb5735d1 + branch: v0.5.0 specs: - identity-doc-auth (0.4.1) + identity-doc-auth (0.5.0) activesupport faraday + redacted_struct (>= 1.0.0) GIT remote: https://github.com/18F/identity-hostdata.git @@ -41,12 +43,14 @@ GIT GIT remote: https://github.com/18F/identity-lexisnexis-api-client-gem.git - revision: 0e22ac2518a724b63a928feb68197b203ea47660 - tag: v3.1.1 + revision: 005bd6a56ab6101ecb3b5b47d2648ed38b13ffa6 + tag: v3.2.0 specs: - lexisnexis (3.1.1) + lexisnexis (3.2.0) activesupport faraday + proofer + redacted_struct (>= 1.0.0) GIT remote: https://github.com/18F/identity-logging.git @@ -556,6 +560,7 @@ GEM redis (>= 3.0, < 5.0) recaptcha (5.2.1) json + redacted_struct (1.1.0) redis (4.2.5) redis-session-store (0.11.3) actionpack (>= 3, < 7) @@ -824,6 +829,7 @@ DEPENDENCIES raise-if-root readthis recaptcha + redacted_struct redis-session-store (>= 0.11.3) rotp (~> 6.1) rqrcode diff --git a/app/services/document_capture_session_async_result.rb b/app/services/document_capture_session_async_result.rb index c7e95648b9f..d8ecc7da6ee 100644 --- a/app/services/document_capture_session_async_result.rb +++ b/app/services/document_capture_session_async_result.rb 
@@ -1,7 +1,14 @@ # frozen_string_literal: true # Used in async document capture flow by LambdaJobs::Runner/Idv::Proofer.document_job_class -DocumentCaptureSessionAsyncResult = Struct.new(:id, :status, :result, :pii, keyword_init: true) do +DocumentCaptureSessionAsyncResult = RedactedStruct.new( + :id, + :status, + :result, + :pii, + keyword_init: true, + allowed_members: [:id, :status, :result], +) do self::IN_PROGRESS = 'in_progress' self::DONE = 'done' self::TIMED_OUT = 'timed_out' diff --git a/app/services/document_capture_session_result.rb b/app/services/document_capture_session_result.rb index e522609d6c1..b558f4c15fe 100644 --- a/app/services/document_capture_session_result.rb +++ b/app/services/document_capture_session_result.rb @@ -1,7 +1,13 @@ # frozen_string_literal: true # This is used by hybrid doc auth capture -DocumentCaptureSessionResult = Struct.new(:id, :success, :pii, keyword_init: true) do +DocumentCaptureSessionResult = RedactedStruct.new( + :id, + :success, + :pii, + keyword_init: true, + allowed_members: [:id, :success], +) do def self.redis_key_prefix 'dcs:result' end diff --git a/app/services/encryption/encryptors/pii_encryptor.rb b/app/services/encryption/encryptors/pii_encryptor.rb index dafbf4b44f1..1675321ec4d 100644 --- a/app/services/encryption/encryptors/pii_encryptor.rb +++ b/app/services/encryption/encryptors/pii_encryptor.rb @@ -3,7 +3,7 @@ module Encryptors class PiiEncryptor include ::NewRelic::Agent::MethodTracer - Ciphertext = Struct.new(:encrypted_data, :salt, :cost) do + Ciphertext = RedactedStruct.new(:encrypted_data, :salt, :cost, allowed_members: [:cost]) do include Encodable class << self include Encodable diff --git a/app/services/encryption/multi_region_kms_client.rb b/app/services/encryption/multi_region_kms_client.rb index 4cf87338bdb..567ca746767 100644 --- a/app/services/encryption/multi_region_kms_client.rb +++ b/app/services/encryption/multi_region_kms_client.rb 
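Review bot: In DocumentCaptureSessionAsyncResult, `allowed_members: [:id, :status, :result]` lets `result` print in full from `inspect`, and nothing in the hunk shows what that member holds. If it carries the document-authentication response, or anything derived from the captured document, rather than plain outcome flags, the struct can still put sensitive data into logs and error reports even though `pii` is redacted. Unless the contents of `result` are known to be safe, I would narrow the list to `allowed_members: [:id, :status]` and add a comment above the constant stating why each allowed member is safe to log. The `do` block continues past the end of the hunk.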
@@ -54,7 +54,11 @@ def encrypt_legacy(key_id, plaintext, encryption_context) encryption_context: encryption_context).ciphertext_blob end - CipherData = Struct.new(:region_client, :resolved_ciphertext) + CipherData = RedactedStruct.new( + :region_client, + :resolved_ciphertext, + allowed_members: [:region_client], + ) def find_available_region(regions) regions.each do |region, cipher| diff --git a/app/services/encryption/password_verifier.rb b/app/services/encryption/password_verifier.rb index 71ee6f0ff96..7ae2f833ea3 100644 --- a/app/services/encryption/password_verifier.rb +++ b/app/services/encryption/password_verifier.rb @@ -2,7 +2,7 @@ module Encryption class PasswordVerifier include ::NewRelic::Agent::MethodTracer - PasswordDigest = Struct.new( + PasswordDigest = RedactedStruct.new( :encrypted_password, :encryption_key, :password_salt, diff --git a/app/services/encryption/uak_password_verifier.rb b/app/services/encryption/uak_password_verifier.rb index 35ba5dd8ac3..ac46dc115f5 100644 --- a/app/services/encryption/uak_password_verifier.rb +++ b/app/services/encryption/uak_password_verifier.rb @@ -1,6 +1,6 @@ module Encryption class UakPasswordVerifier - PasswordDigest = Struct.new( + PasswordDigest = RedactedStruct.new( :encrypted_password, :encryption_key, :password_salt, diff --git a/app/services/pii/attributes.rb b/app/services/pii/attributes.rb index 21290b1485e..a248976d365 100644 --- a/app/services/pii/attributes.rb +++ b/app/services/pii/attributes.rb @@ -3,7 +3,7 @@ module Pii :otp, # https://github.com/18F/identity-idp/pull/1661 ].freeze - Attributes = Struct.new( + Attributes = RedactedStruct.new( :first_name, :middle_name, :last_name, :address1, :address2, :city, :state, :zipcode, :ssn, :dob, :phone, diff --git a/app/services/request_password_reset.rb b/app/services/request_password_reset.rb index 69423a014d8..8e951d1e259 100644 --- a/app/services/request_password_reset.rb +++ b/app/services/request_password_reset.rb 
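Review bot: `Pii::Attributes` now hides every member from `inspect`, but nothing at the definition says so or says what the redaction does not cover. The same applies to the two `PasswordDigest` structs in this commit. As far as I can tell RedactedStruct changes only the printed representation, so member readers, `to_h`, `to_a` and any JSON serialization built on them still return the raw values; that is worth confirming against the gem. I would add a comment above the constant along the lines of `# RedactedStruct only redacts #inspect output; #to_h and serialized forms still contain PII and must not be logged`. The member list continues past the end of the hunk.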
@@ -1,4 +1,4 @@ -RequestPasswordReset = Struct.new(:email, :request_id) do +RequestPasswordReset = RedactedStruct.new(:email, :request_id, allowed_members: [:request_id]) do def perform if user_should_receive_registration_email? form = RegisterUserEmailForm.new(password_reset_requested: true) diff --git a/app/view_models/account_show.rb b/app/view_models/account_show.rb index dc060426bb9..8b041ddb68e 100644 --- a/app/view_models/account_show.rb +++ b/app/view_models/account_show.rb @@ -144,16 +144,16 @@ def piv_cac_content private - PiiAccessor = Struct.new(:obfuscated, - :full_name, - :address1, - :address2, - :city, - :state, - :zipcode, - :dob, - :phone, - keyword_init: true) + PiiAccessor = RedactedStruct.new(:obfuscated, + :full_name, + :address1, + :address2, + :city, + :state, + :zipcode, + :dob, + :phone, + keyword_init: true) def obfuscated_pii_accessor PiiAccessor.new( diff --git a/lib/app_artifacts.rb b/lib/app_artifacts.rb index 01f734a2471..4244ff7039b 100644 --- a/lib/app_artifacts.rb +++ b/lib/app_artifacts.rb @@ -20,7 +20,7 @@ def build(&block) yield self - Struct.new(*@artifacts.keys, keyword_init: true).new(**@artifacts) + RedactedStruct.new(*@artifacts.keys, keyword_init: true).new(**@artifacts) end # @param [Symbol] name