Are my prompts uploaded anywhere?

No. All sanitization runs locally in your browser using pattern matching. Nothing is sent to a server, which is exactly why it is safe to paste sensitive prompts here.

Common secrets and PII — OpenAI and Anthropic keys, AWS access keys, GitHub and Slack tokens, emails, phone numbers, credit card numbers, IP addresses, and internal URLs. You can toggle each category on or off.

Is pattern matching enough on its own?

No. Regex catches well-formed secrets and PII but misses paraphrased confidential context, project codenames, or unusual formats. Always read the sanitized output before sharing it.

Why does it accept a JSON array?

Many prompt libraries are stored as JSON arrays of strings. Pasting the array directly lets you sanitize an exported library in one pass instead of reformatting it line by line.

What replaces the redacted values?

Each match is replaced with a clear placeholder like [EMAIL], [OPENAI_KEY], or [URL]. The placeholders keep the prompt readable so a teammate understands what kind of value belonged there.

AI Prompt Library Sanitizer

AI prompt library sanitizer

Teams build up valuable prompt libraries, but the best real-world prompts are often full of things that should never be shared — live API keys, customer emails, internal hostnames, account numbers. This tool bulk-sanitizes a batch of prompts so you can publish or commit a clean, reusable library without leaking secrets or personal data. It runs entirely in your browser, so even the raw, sensitive input never leaves your machine.

How it works

Paste your prompts one per line, or drop in a JSON array of strings exported from an existing library. The tool detects the format, then applies a set of toggleable redaction rules: provider API keys (OpenAI, Anthropic, AWS), platform tokens (GitHub, Slack), emails, phone numbers, credit card numbers, IPv4 addresses, and internal URLs. Each match is swapped for a readable placeholder like [EMAIL] or [OPENAI_KEY], and live counts show how much each rule caught. Copy the result and you have a shareable library.

Tips and notes

Local only. Nothing is uploaded — that’s the point. Paste freely.
Read before you share. Regex catches formatted secrets, not paraphrased confidential context or project codenames. A human eyeball is the last filter.
Keep placeholders readable. [CARD] tells a teammate what kind of value belongs there, which makes the cleaned prompt still usable as a template.
Re-sanitize on export. Add it to your workflow whenever you publish a prompt library so newly added secrets don’t slip through.