Secret Redactor
Remove obvious secrets while keeping the structure you still need to share
Safety note: Detection is heuristic. Review the redacted output before sharing it. Everything runs locally in your browser.
Redact secrets
Use allow-list keys to preserve fields like request IDs that should stay visible.
What This Tool Redacts
The redactor looks for high-signal secrets such as bearer tokens, API keys, cookies, private key blocks, common secret field names, and sensitive query-string values. Structured JSON and YAML inputs are redacted by field path where possible.
How to Use the Secret Redactor
- Paste the content you plan to share.
- Use Auto-detect or force JSON, YAML, .env, headers, or plain text mode.
- Optionally allow-list safe keys that should remain visible.
- Review the redacted output and the redaction list before you copy it elsewhere.
What to Review Before Sharing
- Secrets in screenshots or stack traces that were not pasted as text.
- Business-sensitive identifiers that are not strictly secret but still should not leave your system.
- Nested values inside unusual formats that need a manual second pass.
- Any output where the tool reports that no obvious secrets were found.
FAQ
Does this guarantee safe sharing?
No. It is a practical browser-side helper, not a compliance guarantee. Review the output before you share it.
Can I preserve request IDs or trace IDs?
Yes. Add them to the allow-list so those keys stay visible in structured or key-value inputs.
Is my input uploaded anywhere?
No. All parsing and redaction stays in your browser.