diff --git a/src/auth_basic.rs b/src/auth_basic.rs
index 4603b32..0bc95ba 100644
--- a/src/auth_basic.rs
+++ b/src/auth_basic.rs
@@ -37,9 +37,19 @@ use http::{request::Parts, StatusCode};
 /// - \`Authorization\` header must be for basic authentication – Someone tried to use bearer auth instead of basic auth
 /// - \`Authorization\` header is missing – The header was required but it wasn't found
 /// - \`Authorization\` header contains invalid characters – The header couldn't be processed because of invalid characters
-#[derive(Debug, PartialEq, Eq, Clone)]
+#[derive(PartialEq, Eq, Clone)]
 pub struct AuthBasic(pub (String, Option<String>));
 
+/// Manually implement Debug for AuthBasic to prevent password from being accidentally printed
+impl std::fmt::Debug for AuthBasic {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        f.debug_struct("AuthBasic")
+            .field("id", &self.0 .0)
+            .field("password", &"********")
+            .finish()
+    }
+}
+
 #[async_trait]
 impl<B> FromRequestParts<B> for AuthBasic
 where
diff --git a/src/lib.rs b/src/lib.rs
index 6078621..1c30b04 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -61,7 +61,7 @@ pub(crate) trait DecodeRequestParts: Sized {
 }
 
 /// Gets the auth header from [Parts] of the request or errors with [ERR_CHARS] or [ERR_MISSING] if wrong
-pub(crate) fn get_header(parts: &mut Parts, err_code: StatusCode) -> Result<&str, Rejection> {
+pub(crate) fn get_header(parts: &Parts, err_code: StatusCode) -> Result<&str, Rejection> {
     parts
         .headers
         .get(AUTHORIZATION)