The developer's record of things that never left the machine · Price: $0 · MIT
Declassified · for immediate release

redacted

The secrets never reached the model, investigators confirm.

Click the black bar. That is the whole product.

A hook that redacts secrets from tool output before your AI coding assistant reads it. API keys, database URLs, and tokens are scrubbed on your machine, never in the context window.

$ curl -sSL https://raw.githubusercontent.com/svn-arv/redacted/main/install.sh | sh
Exhibit A — the same .env, two readers (Fig. 01)

cat .env
● 2 secrets intercepted

Before — straight to the model
DATABASE_URL=postgres://app:s3cr3t…@db.prod/app
STRIPE_SECRET_KEY=sk_live_XXXXXXXXXXXXXXXXXX8STU
APP_NAME=myapp

After — through redacted
DATABASE_URL=[REDACTED:database_url .../app]
STRIPE_SECRET_KEY=[REDACTED:stripe_live ...8STU]
APP_NAME=myapp

The story

When an AI tool runs a command or reads a file, the full output lands in context. One cat .env, one stack trace, one debug dump, and your live credentials are on the wire. redacted gets there first: a PostToolUse hook scans the output, replaces matches inline, and hands the assistant the clean copy, never the original. You cannot un-send a token. This makes sure you never have to.

How it works

1 · Hook in

redacted init registers the hook. Every tool output (Bash, Read, Grep, WebFetch) runs through it.

2 · Scan & redact

Three detectors run over the output: vendor signatures, credential-named keys, and an entropy scorer. Matches are replaced inline, with the last 4 characters kept as a hint.

3 · Model sees clean

Nothing found? The output passes through untouched. Non-secret text is never modified.

Detection, three tiers

Provider signatures

AWS, GitHub, Stripe, OpenAI, Anthropic, Slack, Twilio and more. Near-zero false positives.

Credential-named keys

Any env var named SECRET, TOKEN, PASSWORD, API_KEY… gets its value redacted.

Entropy scorer

Unknown 16–128 char values, mixed case and digits, high Shannon entropy. Catches what no signature names.
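
A sketch of the three tiers and the last-4 hint, added here as an illustration and not taken from the redacted code base. The regexes, the 3.5 bits-per-character cut-off, the 8-character minimum for showing a hint, and the named_key and high_entropy labels are assumptions; only the [REDACTED:label ...last4] shape and the stripe_live label come from the page.

```go
package main

import (
	"fmt"
	"math"
	"regexp"
	"strings"
)

// Assumed rules and cut-off: the tool's real patterns are not shown on the page.
var stripeLive = regexp.MustCompile(`sk_live_[0-9A-Za-z]{16,}`)
var credName = regexp.MustCompile(`(?i)SECRET|TOKEN|PASSWORD|API_KEY`)
const minEntropy = 3.5 // bits per character

// shannon returns the Shannon entropy of s in bits per byte.
func shannon(s string) float64 {
	freq, h := map[byte]float64{}, 0.0
	for i := 0; i < len(s); i++ {
		freq[s[i]]++
	}
	for _, c := range freq {
		h -= c / float64(len(s)) * math.Log2(c/float64(len(s)))
	}
	return h
}

// mask keeps the last 4 characters as a hint; short values get no hint at all.
func mask(label, v string) string {
	if len(v) < 8 {
		return "[REDACTED:" + label + "]"
	}
	return "[REDACTED:" + label + " ..." + v[len(v)-4:] + "]"
}

// RedactLine runs the three tiers in order over one line of tool output.
func RedactLine(line string) string {
	key, val, ok := strings.Cut(line, "=")
	mixed := strings.ToLower(val) != val && strings.ToUpper(val) != val && strings.ContainsAny(val, "0123456789")
	switch {
	case stripeLive.MatchString(line): // tier 1: provider signature, anywhere in the line
		return stripeLive.ReplaceAllStringFunc(line, func(m string) string { return mask("stripe_live", m) })
	case ok && val != "" && credName.MatchString(key): // tier 2: credential-named key
		return key + "=" + mask("named_key", val)
	case ok && len(val) >= 16 && len(val) <= 128 && mixed && shannon(val) >= minEntropy: // tier 3
		return key + "=" + mask("high_entropy", val)
	}
	return line
}

func main() { fmt.Println(RedactLine("STRIPE_SECRET_KEY=sk_live_XXXXXXXXXXXXXXXXXX8STU")) }
```

The order matters: a signature hit gives a precise label, while the entropy tier is the fallback for values no signature or key name covers.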

"My production key is absolutely not in the context window."
— every redacted user, correctly
Index of the classified — 20+ patterns

AWS, GitHub, Stripe, OpenAI, Anthropic, Twilio, Slack, SendGrid, HubSpot, DigitalOcean, GitLab, Google, npm, PyPI, Sentry, New Relic, CircleCI, Private keys, JWTs, Database URLs

Runs offline

A single Go binary. No network calls, no telemetry, no account.

Fail-closed

On any error the output is withheld, never passed through raw.

Counts, not secrets

Stats record the timestamp, tool, and per-pattern counts. Never values.

Last-4 hint

...8STU says which key fired without exposing it.

One line, then redacted init.

# curl (recommended)
curl -sSL https://raw.githubusercontent.com/svn-arv/redacted/main/install.sh | sh
redacted init

# or Homebrew
brew tap svn-arv/tap && brew install redacted
redacted init

Stop trusting yourself to remember.

Wire it once. Every future cat .env is already handled.