PII & Secret Stripper — Redact Sensitive Data Locally, Before the LLM Sees It
Redact API keys, tokens, passwords and emails from any text — instantly and entirely in your browser.
Code or text to clean
Redacted output
How it works
Paste code or text into the editor. The stripper runs dozens of detection patterns — AWS keys, OpenAI and Anthropic tokens, JWTs, private keys, emails, IP addresses — entirely in your browser. Detected secrets are masked instantly; copy the clean output and paste it into any LLM with no risk of leaking credentials.
Why redact secrets before prompting an LLM?
Pasting code or logs into a chatbot is convenient — but a single AWS key, database password or customer email in that text ends up inside a third-party prompt, possibly logged or used for training. Redacting locally first lets you get the model help without ever exposing a live credential. Each secret is swapped for a clear label, so the LLM still understands the code or text.
FAQ
- Is my code or text uploaded to a server?
- No. Every detection pattern runs locally in your browser in JavaScript — your code and secrets never leave your device. The page only sends an anonymous usage counter (the tool name and the input size), never the text itself.
- What kinds of secrets does it detect?
- AWS access keys, OpenAI / Anthropic / GitHub / Google / Stripe API keys, JWTs, private-key blocks, bearer tokens, generic key=value assignments, email addresses and IPv4 addresses.
- Is there a size limit?
- Only your device memory. With no server involved you can scan large files; redaction runs in milliseconds even for thousands of lines of code.
- Will redacting break my prompt?
- No. Secrets are replaced with clear labels such as [AWS_ACCESS_KEY_REDACTED], so the LLM keeps the full structure and context without ever seeing the real value.