Security●●Solid
Chrome extension that blocks API keys from being pasted into AI tools
Local regex scanning blocks secrets before they hit ChatGPT, unlike cloud-based DLP tools.
Solve My Problem
shiqingao
5221d ago
Back to browse
GitHub Repository
Chrome extension that masks secrets & sensitive data before pasting into AI chats. Works with ChatGPT, Claude, Gemini & more. 100% local, privacy-first.
6 starsJavaScript
Secret Sanitizer – auto-masks secrets when you paste into AI chats
by souvikghosh957·Feb 22, 2026·1 point·0 comments
AI Analysis
●●●BangerSolve My ProblemSlick
Intercepts pastes, masks 30+ secret types locally—zero network requests or tracking.
Strengths
- •Solves a real friction point: developers accidentally leaking API keys to ChatGPT daily.
- •Local regex + AES-256 encryption means no trust required; audit the code directly.
- •Supports ChatGPT, Claude, Gemini, and custom sites—broad coverage without vendor lock-in.
Weaknesses
- •Pattern-based detection can miss context-specific secrets or produce false positives.
- •Chrome extension only; no Firefox, Safari, or multi-browser support yet.
Category
Target Audience
Developers debugging code in AI chats
Similar To
1Password's watchtower alerts · GitGuardian · detect-secrets CLI tool
Post Description
I kept pasting code with hardcoded API keys, database credentials, and auth tokens into ChatGPT while debugging. Copy a failing function, paste it into AI, and realise your AWS secret key or Stripe token was right there in the snippet.
So I built (with some help from Claude) a simple Chrome extension that intercepts the paste, detects secrets using local regex, and replaces them with [MASKED] before they reach the chat. Originals stay in a local AES-256 encrypted vault for unmasking.
No servers. No network requests. No tracking. ~41 KB, zero dependencies. Don't take my word for it: 'grep -r "fetch\|XMLHttpRequest" content_script.js' returns nothing.
Works on ChatGPT, Claude, Gemini, Grok, Perplexity, DeepSeek, and any custom site you add. Supports 30+ patterns — AWS keys, GitHub tokens, JWTs, Stripe keys, database URLs, private keys, and more. You can toggle individual patterns off for false positives.
Open source, MIT licensed. With the recent news about extensions harvesting AI conversations, I figured more devs could use this.
Would love feedback — especially on patterns I might be missing or edge cases you hit.
Similar Projects
Infrastructure●●Solid
Kloak, A secret manager that keeps K8s workload away from secrets
eBPF network interception beats sidecars for zero-code secret injection.
WizardryNiche Gem
neo2006
63521mo ago
Security●●Solid
Created a tool that prevents accidental pasting of PII in AI prompts
Four-pass detection with deterministic fakes beats simple regex redaction tools.
Solve My ProblemShip It
thomscoder
102mo ago
Security●●Solid
Prompt Guard–MitM proxy that blocks secrets before they reach AI APIs
MITM proxy catches leaked secrets before they hit AI APIs — better than post-hoc scanning.
Solve My ProblemNiche Gem
chaudharydeepak
352mo ago
Security●●Solid
SecretDrop – Open-source encrypted secret sharing (MIT)
Drop-in Slack alternative with verifiable crypto, but one-time secret sharing exists.
Ship ItSolve My Problem
vigo
303mo ago
Security●●Solid
Quell, a local security layer to stop AI IDEs leaking your secrets
Local secret redaction for AI IDEs when cloud-based scanners can't intercept prompts.
Solve My ProblemNiche Gem
Sonofg0tham
212mo ago