Secure text redaction for LLM interactions
Project description
๐ CloakPrompt CLI
Secure text redaction for LLM interactions
CloakPrompt is a command-line tool that automatically detects and redacts sensitive information (API keys, passwords, emails, IPs, etc.) from text before sending it to Large Language Models (LLMs). This helps protect your privacy and security when using AI services.
โจ Features
- Comprehensive Pattern Detection: Pre-configured regex patterns for common sensitive data types
- Multiple Input Sources: Support for inline text, files, and stdin piping
- Custom Configuration: Extend or override default patterns with your own security rules
- Rich Output: Beautiful terminal interface with progress indicators and detailed reporting
- Production Ready: Well-tested, documented, and maintainable code
- Privacy First: No data is sent to external services - all processing happens locally
๐ Quick Start
Installation
# Clone the repository
git clone https://github.com/Kushagratandon12/cloakprompt-cli.git
cd cloakprompt-cli
# Install the package with dependencies
pip install -e .
# Or install with development dependencies
pip install -e ".[dev]"
Basic Usage
# Redact inline text
cloakprompt redact --text "my secret key is AKIA1234567890ABCDEF"
# Redact a file
cloakprompt redact --file config.log
# Redact from stdin (piped input)
echo "secret data" | cloakprompt redact --stdin
# Use custom configuration
cloakprompt redact --file app.log --config security.yaml
๐ Detailed Usage
Command Structure
cloakprompt redact [OPTIONS]
Options
| Option | Short | Description |
|---|---|---|
--text TEXT |
-t |
Text to redact (inline) |
--file PATH |
-f |
File to redact |
--stdin |
Read from stdin (piped input) | |
--config PATH |
-c |
Custom configuration file |
--verbose |
-v |
Enable verbose logging |
--quiet |
-q |
Suppress all output except errors |
--summary |
-s |
Show pattern summary and exit |
--details |
-d |
Show detailed redaction information |
Examples
1. Redact Inline Text
cloakprompt redact --text "My AWS key is AKIA1234567890ABCDEF and password is secret123"
Output:
๐ CLOAKPROMPT
Secure text redaction for LLM interactions
โ Redacted 2 sensitive items
My AWS key is <REDACT_AWS_ACCESS_KEY> and password is <REDACT_PASSWORD>
2. Redact File Content
cloakprompt redact --file application.log
3. Redact with Custom Configuration
cloakprompt redact --file config.yaml --config my-security-rules.yaml
4. Redact from Stdin
cat sensitive.log | cloakprompt redact --stdin
5. Show Pattern Summary
cloakprompt patterns
6. Show Redaction Details
cloakprompt redact --text "secret data" --details
๐ก๏ธ Supported Patterns
CloakPrompt comes with pre-configured patterns for:
- API Keys: OpenAI, Google, Stripe, GitHub, Slack, etc.
- AWS Credentials: Access keys, secret keys
- Database URLs: PostgreSQL, MySQL, Redis, MongoDB, etc.
- Tokens: JWT, OAuth, Personal Access Tokens
- Kubernetes: Configs, secrets, service accounts
- SSH Keys: Private key files
- Cloud Provider Keys: Azure, GCP, DigitalOcean, etc.
- PII: Emails, phone numbers, IP addresses, credit cards
- Generic Secrets: Base64 encoded data, long random strings
โ๏ธ Configuration
Default Configuration
The tool uses cloakprompt/config/regex_cleanup.yaml by default, which contains comprehensive patterns for common sensitive data types.
Custom Configuration
Create your own security.yaml file to extend or override default patterns:
# Example custom security.yaml
patterns:
CUSTOM_PATTERNS:
description: "Custom patterns for my organization"
rules:
- name: internal_api_key
placeholder: <REDACT_INTERNAL_API_KEY>
regex: '\binternal[_-]?api[_-]?key\s*[:=]\s*["'']?[A-Za-z0-9_\-]{20,}["'']?\b'
- name: company_secret
placeholder: <REDACT_COMPANY_SECRET>
regex: '\bcompany[_-]?secret\s*[:=]\s*["'']?[A-Za-z0-9!@#$%^&*()_+=-]{8,}["'']?\b'
Configuration Merging
Custom configurations are merged with the default configuration:
- New categories are added
- Existing rules are updated if they have the same name
- New rules are appended to existing categories
๐๏ธ Architecture
cloakprompt/
โโโ cli.py # CLI entry point (Typer)
โโโ core/
โ โโโ parser.py # YAML configuration parser
โ โโโ redactor.py # Text redaction engine
โโโ utils/
โ โโโ file_loader.py # Input handling utilities
โโโ config/
โโโ regex_cleanup.yaml # Default patterns
Core Components
ConfigParser: Loads and merges YAML configuration filesTextRedactor: Applies regex patterns to redact sensitive informationInputLoader: Handles different input sources (text, file, stdin)CLI: Orchestrates the redaction process with rich terminal output
๐งช Testing
# Install test dependencies
pip install pytest pytest-cov
# Run tests
pytest
# Run with coverage
pytest --cov=cloakprompt
๐ฆ Development
Project Structure
โโโ cloakprompt/ # Main package
โ โโโ __init__.py # Package initialization
โ โโโ cli.py # CLI entry point
โ โโโ core/ # Core functionality
โ โ โโโ __init__.py
โ โ โโโ parser.py # Configuration parser
โ โ โโโ redactor.py # Text redactor
โ โโโ utils/ # Utility functions
โ โ โโโ __init__.py
โ โ โโโ file_loader.py # Input handling
โ โโโ config/ # Configuration files
โ โโโ regex_cleanup.yaml
โโโ pyproject.toml # Project configuration and dependencies
โโโ setup.py # Installation script (minimal, for backward compatibility)
โโโ README.md # This file
Adding New Patterns
- Edit
cloakprompt/config/regex_cleanup.yaml - Add new rules under appropriate categories
- Test with sample data
- Update documentation if needed
Code Quality
The project uses:
- Type hints for better code quality
- Comprehensive docstrings for all functions
- Logging for debugging and monitoring
- Error handling for robust operation
- Unit tests for reliability
๐ค Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
๐ License
This project is licensed under the MIT License - see the LICENSE file for details.
๐ Support
- Issues: GitHub Issues
- Documentation: GitHub README
Created by Kushagra Tandon
LLM Security | Prompt Redaction | AI Tools Developer
๐ Security
- All processing happens locally - no data is sent to external services
- Regex patterns are designed to catch common sensitive data formats
- Custom configurations allow organization-specific security rules
- The tool is open source for transparency and community review
Built with โค๏ธ for privacy and security in AI interactions
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
cloakprompt-0.1.3.tar.gz
(18.2 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file cloakprompt-0.1.3.tar.gz.
File metadata
- Download URL: cloakprompt-0.1.3.tar.gz
- Upload date:
- Size: 18.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ac69bd18cd9f3e8aede79b17b72e2030f8c89f656209af40ce0c718e0658e60b
|
|
| MD5 |
58b645fffda8aa75498a606291a085a5
|
|
| BLAKE2b-256 |
e53d47aef53fd04f74e6cd15fce4deaac5ba06b9d3f08a58772a3426aebac9ea
|
File details
Details for the file cloakprompt-0.1.3-py3-none-any.whl.
File metadata
- Download URL: cloakprompt-0.1.3-py3-none-any.whl
- Upload date:
- Size: 17.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
44d4fa01c5ce99de674b7429b3e232abe04633ac54df8ca6e05d953cf103b5de
|
|
| MD5 |
785f9cda24584fa25256399b6c3db8cc
|
|
| BLAKE2b-256 |
6ce1a0a54903483e11ba96c2e3ba80a4167d9dc28d8a5148ffbd3273bbc3edb6
|
