Secrets Redactor
Auto-redact API keys, tokens, passwords, and connection strings from code and logs before sharing
You need to share a log file, error output, or config snippet with a colleague or in a bug report, but it contains API keys, database passwords, or tokens. This tool automatically detects and replaces secrets with [REDACTED] — entirely in your browser.
What Gets Redacted
- API keys: AWS, Google, Stripe, GitHub, OpenAI, npm, Slack, Twilio, SendGrid
- Tokens: JWT tokens (
eyJ...), Bearer tokens, OAuth tokens - Credentials: Values after
password=,secret=,api_key=,token=,auth= - Connection strings: PostgreSQL, MySQL, MongoDB, Redis URLs (credentials portion)
- Private key blocks: RSA, EC, DSA, OpenSSH private keys (entire block)
- Optional: Email addresses, IP addresses (toggle on/off)
How It Works
- Paste your text in the left panel
- The redacted version appears instantly in the right panel
- Toggle categories on/off to control what gets redacted
- Choose your redaction style:
[REDACTED],***,<REMOVED>, or custom - Copy or download the redacted text
Frequently Asked Questions
Why not just find-and-replace manually?
Manual redaction is error-prone. You might miss a secret buried in a long log file, or forget that a JWT token starting with eyJ contains Base64-encoded user data. Automated pattern matching catches what humans miss.
Can I customize what gets redacted? Toggle each detection category independently. API keys, tokens, credentials, connection strings, private keys, emails, and IPs each have their own switch.
Is this the same as the .env Secret Scanner? The Secret Scanner detects and reports secrets with line numbers and severity. The Secrets Redactor replaces them in-place and gives you a clean copy ready to share.