Prompt Secret Scrubber
Detect and redact AWS keys, OpenAI keys, GitHub tokens, JWTs, Stripe keys, and private SSH keys before pasting a prompt into ChatGPT, Claude, or Gemini. Pure regex, runs entirely in your browser — nothing is uploaded.
Scanning is a pure-JavaScript regex pass running in this tab. Your text is never sent anywhere.
How It Works
Paste your prompt
Drop in your draft email, stack trace, .env paste, terraform output, or any prompt up to 20,000 characters. Nothing is sent anywhere.
Click Scrub secrets
A deterministic gitleaks-style regex pass runs in this tab — no AI model download, no network call, no telemetry.
Review findings
Each secret is replaced with a stable [REDACTED_KIND_N] placeholder. The findings table shows kind + 4-char-prefix / 4-char-suffix preview only.
Copy & rotate
Copy the scrubbed text into ChatGPT, Claude, or Gemini. Rotate any secret that had previously leaked into chat logs or emails.
What the Prompt Secret Scrubber Detects
The scrubber ships a deterministic ruleset modelled on gitleaks and Trufflehog. Every rule runs entirely in your browser — there is no AI model download, no telemetry, and no network call. Each detected secret is replaced with a stable [REDACTED_KIND_N] placeholder so you can paste a clean prompt into any LLM tool while still being able to eyeball what was matched.
| Provider / Kind | Format | Placeholder |
|---|---|---|
| AWS access key ID | AKIA / ASIA / AROA / AIDA / AGPA / AIPA / ANPA / ANVA + 16 chars | [REDACTED_AWS_ACCESS_KEY_n] |
| AWS secret access key | aws_secret_access_key = … 40-char Base64 | [REDACTED_AWS_SECRET_KEY_n] |
| Google API key | AIza + 35 chars | [REDACTED_GCP_API_KEY_n] |
| GCP service-account private key | "private_key": "-----BEGIN…" | [REDACTED_GCP_SERVICE_ACCOUNT_n] |
| Azure connection string | DefaultEndpointsProtocol=… / AccountKey=… | [REDACTED_AZURE_KEY_n] |
| OpenAI API key | sk-… / sk-proj-… | [REDACTED_OPENAI_KEY_n] |
| Anthropic API key | sk-ant-… | [REDACTED_ANTHROPIC_KEY_n] |
| Stripe live key | sk_live_… / pk_live_… / rk_live_… | [REDACTED_STRIPE_LIVE_KEY_n] |
| Stripe test key | sk_test_… / pk_test_… / rk_test_… | [REDACTED_STRIPE_TEST_KEY_n] |
| GitHub token | ghp_ / gho_ / ghu_ / ghs_ / ghr_ / github_pat_ | [REDACTED_GITHUB_TOKEN_n] |
| GitLab token | glpat-… | [REDACTED_GITLAB_TOKEN_n] |
| Slack token / webhook | xoxb / xoxp / xoxa / xoxr · hooks.slack.com/services/… | [REDACTED_SLACK_TOKEN_n] |
| Discord webhook | discord.com/api/webhooks/… | [REDACTED_DISCORD_WEBHOOK_n] |
| Twilio API key | SK + 32 hex | [REDACTED_TWILIO_KEY_n] |
| SendGrid API key | SG.<id>.<secret> | [REDACTED_SENDGRID_KEY_n] |
| Mailgun API key | key- + 32 hex | [REDACTED_MAILGUN_KEY_n] |
| npm token | npm_ + 36 alphanumeric | [REDACTED_NPM_TOKEN_n] |
| JSON Web Token (JWT) | eyJ….eyJ….<sig> | [REDACTED_JWT_n] |
| Private key (PEM) | -----BEGIN … PRIVATE KEY----- (RSA / EC / DSA / OpenSSH / PGP / encrypted) | [REDACTED_PRIVATE_KEY_n] |
| Bearer / Authorization header | Bearer <token> | [REDACTED_BEARER_TOKEN_n] |
| Generic key assignment | api_key = "…" / client_secret: "…" | [REDACTED_GENERIC_API_KEY_n] |
How to Use the Prompt Secret Scrubber
- Paste the prompt, log snippet, stack trace, .env file, terraform output, or diff into the input area.
- Click Scrub secrets. The deterministic regex pass runs in a single browser tick.
- Review the findings table — each detected secret shows up with its placeholder, its kind, and a short masked preview (first 4 / last 4 characters).
- Click Copy scrubbed text and paste the result into ChatGPT, Claude, Gemini, or any other AI assistant.
- Click Reset when you are done. The input is cleared and nothing about the secret values persists.
- If any secret had been leaked before scrubbing (chat logs, emails, LLM history), open the provider's dashboard and rotate it.
Key Features
- Deterministic regex pass — no AI model, no statistical guesswork. Either a string matches a known token format or it does not.
- 20+ provider rules — AWS, GCP, Azure, OpenAI, Anthropic, Stripe, GitHub, GitLab, Slack, Discord, Twilio, SendGrid, Mailgun, npm, plus JWTs and PEM private keys.
- Stable placeholders — every secret becomes [REDACTED_KIND_N], so multiple references to the same secret get an identifiable label without revealing the underlying value.
- Findings preview only — the table shows just the first 4 and last 4 characters of each match so you can verify the scrubber caught what you expected. The full secret is never stored or transmitted.
- Zero network call — no model download, no telemetry, no analytics. Works offline once the page is loaded.
- 20,000-character limit — enough for most .env files, stack traces, diffs, and prompts.
When to Use the Prompt Secret Scrubber
- Debugging with ChatGPT or Claude — paste a stack trace or log snippet without dragging your AWS keys, JWT bearer tokens, or DB connection strings along.
- Reviewing terraform output — strip access keys, service-account blobs, and connection strings before asking an AI to summarise infrastructure state.
- Cleaning a .env paste — let an AI lint or refactor environment files without leaking the values.
- Sharing CI / pipeline output — bearer tokens, OAuth tokens, and webhook URLs are common in job logs; scrub them before asking an AI for help.
- Documentation drafting — paste a README with example credentials and the scrubber redacts them before you ask an AI to polish the prose.
- Compliance reviews (SOC 2, ISO 27001) — provides a documentable in-browser path for staff who need to use external LLMs with internal artefacts.
Why a Regex Pass Is Enough for Most Secrets
Most cloud providers issue credentials with a fixed, recognisable prefix and length: AWS access keys start with AKIA / ASIA, OpenAI keys with sk-, GitHub tokens with ghp_, Stripe live keys with sk_live_, and so on. That makes regex extraordinarily effective for the high-value 90% of secret types — exactly the same approach used by gitleaks, Trufflehog, and GitHub's own push-protection. The trade-off is that the scrubber will not catch bespoke company-internal tokens that follow no public format, so always skim the scrubbed text before pasting.
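To make the detection table above and the prefix-matching argument in this section concrete, here is an added example of a small scrubber in plain JavaScript. It is not the page's own code: the regexes are assumptions modelled on the public token formats the table lists and cover only a subset of the rules, and the sample input is constructed. It shows the three behaviours the page describes: stable [REDACTED_KIND_N] placeholders (the same AWS key pasted twice gets the same label), a findings table limited to a 4-character prefix and suffix, and a bespoke token with no public format passing through untouched.

```javascript
// Added example (not the page's own code): a minimal gitleaks-style scrubber in
// plain JavaScript. Rule patterns are assumptions modelled on the public token
// formats the page lists and cover only a subset of the full ruleset.

// Rules run in order. Block-style secrets (PEM) go first so their bodies are
// gone before the line-oriented rules see them; the loose generic assignment
// rule goes last. `valueGroup` marks rules where only capture group 1 is the
// secret (the key name on the left of `=` / `:` is kept).
const RULES = [
  { kind: "PRIVATE_KEY",
    re: /-----BEGIN [A-Z ]*PRIVATE KEY(?: BLOCK)?-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY(?: BLOCK)?-----/g },
  { kind: "AWS_ACCESS_KEY",
    re: /\b(?:AKIA|ASIA|AROA|AIDA|AGPA|AIPA|ANPA|ANVA)[A-Z0-9]{16}\b/g },
  { kind: "ANTHROPIC_KEY",   re: /\bsk-ant-[A-Za-z0-9_-]{20,}(?![\w-])/g },
  { kind: "OPENAI_KEY",      re: /\bsk-(?:proj-)?[A-Za-z0-9_-]{20,}(?![\w-])/g },
  { kind: "GITHUB_TOKEN",
    re: /\b(?:gh[pousr]_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{22,})(?![\w-])/g },
  { kind: "STRIPE_LIVE_KEY", re: /\b[spr]k_live_[A-Za-z0-9]{24,}\b/g },
  { kind: "JWT",
    re: /\beyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+(?![\w-])/g },
  { kind: "GENERIC_API_KEY", valueGroup: true,
    re: /(?:api_key|client_secret|secret_key)\s*[:=]\s*["']?([A-Za-z0-9_-]{16,})["']?/gi },
];

// Only this 4+4 preview is ever surfaced; the full value stays inside scrub().
function preview(value) {
  const flat = value.replace(/\s+/g, "");
  return flat.length <= 8 ? "****" : `${flat.slice(0, 4)}…${flat.slice(-4)}`;
}

// Returns the scrubbed text plus a findings list of {placeholder, kind, preview}.
function scrub(text) {
  const placeholders = new Map(); // secret value -> placeholder; local on purpose
  const counters = new Map();     // kind -> last N handed out
  const findings = [];
  let out = text;
  for (const rule of RULES) {
    out = out.replace(rule.re, (...args) => {
      const match = args[0];
      const value = rule.valueGroup ? args[1] : match;
      let placeholder = placeholders.get(value);
      if (!placeholder) {
        // First time this exact value is seen: mint a new [REDACTED_KIND_N].
        const n = (counters.get(rule.kind) || 0) + 1;
        counters.set(rule.kind, n);
        placeholder = `[REDACTED_${rule.kind}_${n}]`;
        placeholders.set(value, placeholder);
        findings.push({ placeholder, kind: rule.kind, preview: preview(value) });
      }
      // For valueGroup rules keep the key name and swap only the value.
      return rule.valueGroup ? match.replace(value, placeholder) : placeholder;
    });
  }
  // No restoration map is returned: placeholders are one-way by design.
  return { text: out, findings };
}

// Constructed sample input; none of these values are real credentials.
const SAMPLE = [
  "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
  "export GITHUB_TOKEN=ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",
  "openai: sk-proj-abcdefghijklmnopqrstuvwxyz0123",
  "stripe: sk_live_abcdefghijklmnopqrstuvwx",
  "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjMifQ.dGVzdHNpZ25hdHVyZQ",
  "client_secret: \"internal0123456789abcdef\"",
  "-----BEGIN PRIVATE KEY-----",
  "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcw (constructed body)",
  "-----END PRIVATE KEY-----",
  "retry with AKIAIOSFODNN7EXAMPLE once more",   // same key twice -> same placeholder
  "ACME_TOKEN=acm-7f3k-nopublicformat",          // bespoke format: passes through
].join("\n");

// Under Node, print the scrubbed text and the findings table when run directly.
if (typeof require !== "undefined" && require.main === module) {
  const { text, findings } = scrub(SAMPLE);
  console.log(text);
  console.table(findings);
}
```

Run it with `node scrub.js` to see the scrubbed text and the findings table; in the browser the same scrub() would be wired to the textarea. Note that the value-to-placeholder map is local to scrub() and is never returned, which is the same no-restoration-map choice the FAQ describes for the Secret Scrubber, and that the ACME token survives the pass exactly as the trade-off paragraph warns.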
How This Pairs With Our Other Privacy Tools
- PII Masker for AI Prompts — handles personal identifiers (names, emails, phones, SSNs, credit cards) and supports restoring the AI's reply back to real values. Run it after the Secret Scrubber for the strongest coverage.
- Document PII Redactor (coming soon) — full .txt/.md/.docx/.pdf redaction with the same fully-local stack.
- Private Document Q&A (coming soon) — on-device RAG so you can ask questions over an internal document without uploading it.
What This Tool Cannot Do
- Un-leak a secret. If a token has already entered an LLM provider's chat history, rotate it. The scrubber prevents the next leak.
- Match every custom token. Internal company tokens with no public format will pass through. Skim the scrubbed output.
- Replace a real secret scanner in CI. Use gitleaks or Trufflehog in your build pipeline. This page is for the prompt layer — the last mile before a value reaches ChatGPT.
Frequently Asked Questions
Is my text uploaded anywhere?
No. The scrubber is a pure JavaScript regex pass running in this browser tab. The text you paste, the matches it finds, and the scrubbed output never cross the network. No AI model download, no telemetry call.
What kinds of secrets does it detect?
AWS keys, GCP API keys and service-account JSON, Azure connection strings, OpenAI and Anthropic keys, Stripe live/test keys, GitHub and GitLab tokens, Slack/Discord webhooks and tokens, Twilio / SendGrid / Mailgun / npm tokens, JWTs, RSA / EC / DSA / OpenSSH / PGP private-key PEM blocks, bearer tokens, and generic api_key = … assignments.
Is regex enough to catch every secret?
Regex is excellent at catching well-known token formats but will miss bespoke company-internal tokens with no public format. Treat the scrubber as a strong defensive first pass — skim the output before pasting.
Do the secrets get logged or stored?
No. Originals stay only inside the textarea on this page; the findings table shows just a 4-char prefix + 4-char suffix preview so you can sanity-check matches. Nothing is written to localStorage, sessionStorage, IndexedDB, or any server.
How is this different from your PII Masker?
The PII Masker targets personal identifiers and supports restoring the AI reply. The Secret Scrubber targets machine credentials and intentionally does NOT keep a restoration map — secrets should never round-trip back into a prompt.
Does it work offline?
Yes. There is no AI model and no network call. Open the page once and every subsequent scrub runs locally even with no internet.
If I paste a secret here, is it already compromised?
Not from this tool — text never leaves your browser. But if a secret was previously pasted into chat logs, email, or LLM history, rotate it. The scrubber prevents the next leak, not a previous one.
Can I scrub a multi-file diff or .env paste?
Yes — the input accepts up to 20,000 characters. For larger files use the upcoming Document PII Redactor.
Privacy & Security