Simple. Automatic. Zero effort.
Paste your code
Paste code containing secrets into any AI chat — ChatGPT, Claude, Gemini, Grok, or your custom sites
Auto-detect secrets
70+ regex patterns instantly catch API keys, tokens, credentials & private data
Masked & safe
Secrets replaced with safe placeholders before sending — originals saved to your local vault
Smart Restore
Copy any AI response with placeholders — originals are automatically put back in your clipboard
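The mask-and-restore flow described above, sketched as an added example (not the extension's own code): the four patterns, the `[MASKED_<TYPE>_<n>]` placeholder format and the in-memory `Map` standing in for the encrypted vault are assumptions, and the sample input is constructed.

```javascript
// Assumed patterns for illustration; the extension ships its own 70+ set.
const PATTERNS = [
  { name: 'AWS_KEY', re: /\bAKIA[0-9A-Z]{16}\b/g },
  { name: 'GITHUB_TOKEN', re: /\bghp_[A-Za-z0-9]{36}\b/g },
  { name: 'DB_URL', re: /\b(?:postgres(?:ql)?|mongodb(?:\+srv)?|redis):\/\/[^\s'"]+/g },
  // Value of any KEY=... line whose key name contains SECRET, PASSWORD or TOKEN.
  { name: 'ENV_VALUE', re: /(?<=\b\w*(?:SECRET|PASSWORD|TOKEN)\w*=)[^\s#]+/g },
];
const PLACEHOLDER = /\[MASKED_([A-Z_]+)_(\d+)\]/g; // assumed placeholder format

// Replace every match with a placeholder; vault maps placeholder -> original.
function mask(text, vault = new Map()) {
  const seen = new Map([...vault].map(([ph, secret]) => [secret, ph]));
  let out = text;
  for (const { name, re } of PATTERNS) {
    out = out.replace(re, (m) => {
      // A broad pattern can re-match a placeholder left by an earlier one.
      if (/^\[MASKED_[A-Z_]+_\d+\]$/.test(m)) return m;
      if (!seen.has(m)) {
        const ph = `[MASKED_${name}_${vault.size + 1}]`;
        vault.set(ph, m);
        seen.set(m, ph); // the same secret always gets the same placeholder
      }
      return seen.get(m);
    });
  }
  return { masked: out, vault };
}

// Put originals back; placeholders the vault does not know are left untouched.
function restore(text, vault) {
  return text.replace(PLACEHOLDER, (ph) => (vault.has(ph) ? vault.get(ph) : ph));
}

// Constructed sample paste (AWS's documented example key, dummy values).
const sample = [
  'AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE',
  'DB_PASSWORD=hunter2-prod',
  'DATABASE_URL=postgres://app:pw@db.example.internal:5432/app',
  'GITHUB_TOKEN=ghp_' + 'a'.repeat(36),
  'retry with AKIAIOSFODNN7EXAMPLE',
].join('\n');

const result = mask(sample);
console.log(result.masked);
console.log(restore('Rotate [MASKED_AWS_KEY_1] first.', result.vault));
```

Pattern order matters here: the specific token patterns run before the broad `ENV_VALUE` rule, so a value such as the GitHub token keeps its more descriptive placeholder.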
Install once, never think about it again.
Instant Interception
Secrets are caught before they ever reach the chat
Encrypted Vault
Originals saved locally with AES-GCM, unmask anytime
Smart Restore
Copy AI responses with placeholders — secrets auto-restored in your clipboard
Pattern Controls
Toggle any pattern on/off — zero false-positive headaches
Custom Sites
Add any website you want to protect, one click
Stats Dashboard
Track blocks per day with history
Test Mode
See what gets masked before you paste for real
Backup & Restore
Export/import config as JSON
Zero Dependencies
No libs, no bloat, fully open source
Credentials
- Passwords & bearer tokens
- JWTs, OTPs, OAuth tokens
- .env key-value pairs
API Keys
- AWS, GCP, Azure
- OpenAI, Anthropic, Groq
- Stripe, GitHub, Slack
Infrastructure
- Postgres, MongoDB, Redis URLs
- Firebase, Vercel, Supabase
- NPM, PyPI, Shopify tokens
Private Data
- RSA, SSH, PGP private keys
- Aadhaar, PAN, UPI, credit cards
- High-entropy secrets
70+ detection patterns — toggle any on/off from the popup. No false-positive headaches. Custom patterns coming soon.
If you live in AI chats and hate the “did I just leak my prod key?” moment — this is for you.
Why I built this
A security incident in December 2025, a growing habit I spotted in myself, and a belief that the right answer is zero trust — not less trust.
The moment that started it
In December 2025, researchers discovered that Chrome extensions with millions of users — including some with Google's "Featured" badge — were silently harvesting every AI conversation and selling the data to brokers. The attack was later called "Prompt Poaching."
Meanwhile, I realised developers paste API keys, database URLs, and credentials into AI chats every day without thinking twice. Once sent, that data is logged — often permanently. Two separate problems. One shared root: your private data leaving your machine without your knowledge.
I wanted to build something that worked the opposite way. No servers. No cloud. No trust required.
Built on three principles
Every pattern match runs in your browser. Secrets are stored in AES-GCM encrypted local storage. Zero bytes travel to any server — ever. Disable Wi-Fi and it still works.
Every line is on GitHub under MIT. No minification to hide logic. No build step that could swap in malicious code. Read, fork, and audit exactly what runs in your browser.
View source on GitHub →
No analytics. No telemetry. No cookies. No sign-up. The extension has no way to phone home — there’s no server to call. Privacy isn’t a checkbox; it’s the entire architecture.
Don't trust us — verify
No servers, no tracking, no trust required. Read the source yourself.
No Network Requests
Zero outbound calls, ever
Works Offline
Disable Wi-Fi. It still works.
No Tracking
No analytics, telemetry, or cookies
Fully Open Source
MIT licensed. Read every line.
Loved by developers & indie builders
Nice build. Local-first + open source is exactly what security tools should aim for.
Honestly, that is such a smart idea. Lately when I'm building, I feel naked with my API keys. Great job, I love it!
Such a smart idea! Protecting secrets before they ever leave your machine just makes sense.
Really cool project and could definitely save some people. I've gotten close with my .env, I hate to admit!
Secret Sanitizer is a brilliant safeguard. Auto-masking secrets locally before they hit AI chats keeps everything secure without the cloud risk. Love the open-source vibe!
This is genuinely useful. The number of times I've had that split-second panic after pasting something into ChatGPT is way too high. Love that it's fully local and open source. No way I'd trust a closed-source tool that scans my clipboard!
This is actually so useful. I've definitely pasted stuff I shouldn't have into AI chats before. Congrats on the launch!
SecretSanitizer is a really smart and practical solution. Protecting sensitive data, such as API keys, in AI workflows is more important than ever. Simple, focused, and highly relevant for today's security challenges, great concept and execution!
Paste freely. Ship faster.
Free, open source, installs in 5 seconds. No sign-up, no cloud, no nonsense.
Add to Chrome — Free
Frequently asked
Does Secret Sanitizer send my data anywhere?
No. It runs entirely in your browser and makes zero network requests — there is no server to send data to. Your secrets never leave your machine. You can verify this by reading the source code or using it offline.
Which AI sites does it work on?
ChatGPT, Claude, Gemini, Grok, and other popular AI chat sites are supported out of the box. You can also add any custom website in the extension settings.
How is this different from just being careful?
Humans miss things — especially in large config files or logs. Secret Sanitizer automatically scans for 70+ secret patterns (API keys, tokens, passwords, database URLs) the instant you paste. It catches what you overlook, every time, without slowing you down.
Questions or suggestions?
Found a bug, have a feature idea, or just want to say hi — reach out any time.