Skip to main content

Local-first redaction engine for AI egress security

Project description

EgressAI

EgressAI is a local-first redaction engine for AI egress security.

The first package takes text, detects secrets, replaces them with stable placeholders, and returns structured findings without exposing plaintext secret values in the public result.

Install

pip install egressai

The package depends on egressai-detect-secrets for provider-aware secret detection.

Python API

from egressai import RedactionEngine

secret = "sk-proj-" + "a" * 40
result = RedactionEngine().redact(f"OPENAI_API_KEY={secret}")
print(result.redacted_text)

Output:

OPENAI_API_KEY={{EGRESSAI_SECRET_OPENAI_001}}

Structured result:

payload = result.to_dict()

The structured output includes:

  • redacted_text
  • findings
  • stats

Plaintext secret values are not included in result.to_dict().

CLI

Redact inline text:

egressai redact "OPENAI_API_KEY=sk-proj-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

Redact a file:

egressai redact ./prompt.txt

Redact stdin:

cat ./logs.txt | egressai redact

Return the full redaction result as JSON:

egressai redact --json ./sample.env

Scan without printing redacted text:

egressai scan ./sample.env

Return findings and stats as JSON:

egressai scan --json ./sample.env

Fail when findings are present:

egressai scan --fail-on-findings ./sample.env

Use a custom placeholder prefix:

egressai redact --placeholder-prefix SAFE ./prompt.txt

Exit Codes

By default, CLI commands exit 0 even when findings are detected.

With --fail-on-findings:

  • exits 0 when no findings are detected
  • exits 1 when findings are detected
  • exits 2 for CLI usage errors

Supported Secret Types

Initial support includes:

  • OpenAI API keys
  • Anthropic API keys
  • Google/Gemini API keys
  • GitHub tokens
  • GitLab tokens
  • AWS access keys
  • Stripe keys
  • Slack tokens
  • npm tokens, including .npmrc auth tokens and NPM_TOKEN=npm_... env values
  • PyPI tokens
  • Hugging Face tokens
  • JWTs
  • private key blocks
  • database URLs
  • Azure connection strings
  • generic .env-style secret assignments

Maintainer Notes

Every user-visible change should update this README in the same change set.

Before publishing:

python3 -m pytest
python3 -m build
python3 -m twine check dist/egressai-*

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

egressai-0.1.2.tar.gz (9.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

egressai-0.1.2-py3-none-any.whl (9.2 kB view details)

Uploaded Python 3

File details

Details for the file egressai-0.1.2.tar.gz.

File metadata

  • Download URL: egressai-0.1.2.tar.gz
  • Upload date:
  • Size: 9.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for egressai-0.1.2.tar.gz
Algorithm Hash digest
SHA256 4088882d754e5c27679fc3ff04789a7ceb0733aa852498213a5ec5b9be356ff8
MD5 d99ce62d6ec797cbb75f4a3c370b865c
BLAKE2b-256 3312cc8cd86718728575b48e3a7cc3b5cc6167e743c0897e99cc6f17583fbbbb

See more details on using hashes here.

File details

Details for the file egressai-0.1.2-py3-none-any.whl.

File metadata

  • Download URL: egressai-0.1.2-py3-none-any.whl
  • Upload date:
  • Size: 9.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.6

File hashes

Hashes for egressai-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 c39b6d2d508c82fa2370700eb5e35675312e6c4444887016bb96cea3ec97fd56
MD5 66964e978551e9431253cc379e6d9cc7
BLAKE2b-256 63967a3064c068d5fb2cee7cbdb259ae52e96626f7297b5be76b83b507d168d1

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page