Secure text redaction for LLM interactions
CloakPrompt is a command-line tool that automatically detects and redacts sensitive information (API keys, passwords, emails, IPs, etc.) from text before sending it to Large Language Models (LLMs). This helps protect your privacy and security when using AI services.
- Comprehensive Pattern Detection: Pre-configured regex patterns for common sensitive data types
- Multiple Input Sources: Support for inline text, files, and stdin piping
- Custom Configuration: Extend or override default patterns with your own security rules
- Rich Output: Beautiful terminal interface with progress indicators and detailed reporting
- Production Ready: Well-tested, documented, and maintainable code
- Privacy First: No data is sent to external services - all processing happens locally
# Clone the repository
git clone https://github.com/Kushagratandon12/cloakprompt-cli.git
cd cloakprompt-cli
# Install dependencies
pip install -r requirements.txt
# Install the package
pip install -e .# Redact inline text
cloakprompt redact --text "my secret key is AKIA1234567890ABCDEF"
# Redact a file
cloakprompt redact --file config.log
# Redact from stdin (piped input)
echo "secret data" | cloakprompt redact --stdin
# Use custom configuration
cloakprompt redact --file app.log --config security.yaml
cloakprompt redact [OPTIONS]| Option | Short | Description |
|---|---|---|
--text TEXT |
-t |
Text to redact (inline) |
--file PATH |
-f |
File to redact |
--stdin |
Read from stdin (piped input) | |
--config PATH |
-c |
Custom configuration file |
--verbose |
-v |
Enable verbose logging |
--quiet |
-q |
Suppress all output except errors |
--summary |
-s |
Show pattern summary and exit |
--details |
-d |
Show detailed redaction information |
cloakprompt redact --text "My AWS key is AKIA1234567890ABCDEF and password is secret123"Output:
π CLOAKPROMPT
Secure text redaction for LLM interactions
β Redacted 2 sensitive items
My AWS key is <REDACT_AWS_ACCESS_KEY> and password is <REDACT_PASSWORD>
cloakprompt redact --file application.logcloakprompt redact --file config.yaml --config my-security-rules.yamlcat sensitive.log | cloakprompt redact --stdincloakprompt patternscloakprompt redact --text "secret data" --detailsCloakPrompt comes with pre-configured patterns for:
- API Keys: OpenAI, Google, Stripe, GitHub, Slack, etc.
- AWS Credentials: Access keys, secret keys
- Database URLs: PostgreSQL, MySQL, Redis, MongoDB, etc.
- Tokens: JWT, OAuth, Personal Access Tokens
- Kubernetes: Configs, secrets, service accounts
- SSH Keys: Private key files
- Cloud Provider Keys: Azure, GCP, DigitalOcean, etc.
- PII: Emails, phone numbers, IP addresses, credit cards
- Generic Secrets: Base64 encoded data, long random strings
The tool uses cloakprompt/config/regex_cleanup.yaml by default, which contains comprehensive patterns for common sensitive data types.
Create your own security.yaml file to extend or override default patterns:
# Example custom security.yaml
patterns:
CUSTOM_PATTERNS:
description: "Custom patterns for my organization"
rules:
- name: internal_api_key
placeholder: <REDACT_INTERNAL_API_KEY>
regex: '\binternal[_-]?api[_-]?key\s*[:=]\s*["'']?[A-Za-z0-9_\-]{20,}["'']?\b'
- name: company_secret
placeholder: <REDACT_COMPANY_SECRET>
regex: '\bcompany[_-]?secret\s*[:=]\s*["'']?[A-Za-z0-9!@#$%^&*()_+=-]{8,}["'']?\b'Custom configurations are merged with the default configuration:
- New categories are added
- Existing rules are updated if they have the same name
- New rules are appended to existing categories
cloakprompt/
βββ cli.py # CLI entry point (Typer)
βββ core/
β βββ parser.py # YAML configuration parser
β βββ redactor.py # Text redaction engine
βββ utils/
β βββ file_loader.py # Input handling utilities
βββ config/
βββ regex_cleanup.yaml # Default patterns
ConfigParser: Loads and merges YAML configuration filesTextRedactor: Applies regex patterns to redact sensitive informationInputLoader: Handles different input sources (text, file, stdin)CLI: Orchestrates the redaction process with rich terminal output
# Install test dependencies
pip install pytest pytest-cov
# Run tests
pytest
# Run with coverage
pytest --cov=cloakpromptβββ cloakprompt/ # Main package
β βββ __init__.py # Package initialization
β βββ cli.py # CLI entry point
β βββ core/ # Core functionality
β β βββ __init__.py
β β βββ parser.py # Configuration parser
β β βββ redactor.py # Text redactor
β βββ utils/ # Utility functions
β β βββ __init__.py
β β βββ file_loader.py # Input handling
β βββ config/ # Configuration files
β βββ regex_cleanup.yaml
βββ requirements.txt # Dependencies
βββ setup.py # Installation script
βββ README.md # This file
- Edit
cloakprompt/config/regex_cleanup.yaml - Add new rules under appropriate categories
- Test with sample data
- Update documentation if needed
The project uses:
- Type hints for better code quality
- Comprehensive docstrings for all functions
- Logging for debugging and monitoring
- Error handling for robust operation
- Unit tests for reliability
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
- Issues: GitHub Issues
- Documentation: GitHub README
- All processing happens locally - no data is sent to external services
- Regex patterns are designed to catch common sensitive data formats
- Custom configurations allow organization-specific security rules
- The tool is open source for transparency and community review
Built with β€οΈ for privacy and security in AI interactions