Skip to main content

An automatic sensitive data scrubber and restorer.

Project description


Ever wanted to release a project to the open source community, if only it weren’t for the hassle of having to strip out sensitive data like API keys every time you commit?

Or maybe you’ve had to rewrite your version control history because you accidentally committed something that the rest of the world wasn’t supposed to see?

lucido (pronounced loo-CHEE-dough) is a simple script designed to make these problems a thing of the past. On its own, it can strip and restore sensitive data with ease. Within a git repository, lucido prevents you from committing your sensitive data, and automatically restores it for you after any merges.


From the command line:

pip install lucido

If lucido is already installed, you can upgrade to the latest version with:

pip install --upgrade lucido

Getting Started

You’ll want to create a file named luci.yml. (If you’re doing this within a git repository, make sure luci.yml is at the root of the repository.) It should contain, at the very least, a sensitive key, which will take a list of values that should be scrubbed by lucido. It can also contain an exclude key, which can take a list of directories which should not be scrubbed.

Here’s an example:

- .git
- qqhPKzffeZu0
- ALpeJmcMs7TG
- z-1JWjRdbXzN
- 3r_h1q_1TEs3


If you plan to use lucido within a git repository, you’ll only need to run the following:

luci -i

This will create git hooks for you so that scrubbing/restoring is done automatically. (Technically, scrubbing is not automatic, as pre-commit hooks should not change the content of the files that are to be committed. But if sensitive data is found, the commit will fail and you’ll be given a helpful message about how to scrub the data.)

If you’re not using lucido within a git repository, you’ll want to run these commands:

# check for sensitive data
luci -c
# if present, scrub the sensitive data
luci -s
# at a later time, restore the sensitive data
luci -r


-c, --check: Checks for sensitive data in the current working directory.
-i, --init: Creates git hooks and adds luci.yml to .gitignore if run within a git repository.
-s, --scrub: Scrubs sensitive data in the current working directory.
-r, --restore: Restores sensitive data in the current working directory.

Git Hooks

When initialized in a git repository, lucido adds the following git hooks:

  • pre-commit: Before committing, lucido will check the repository for sensitive data. If sensitive data is present, the commit will not be created.
  • post-commit, post-merge: After committing or merging in new changes, lucido will restore the sensitive data in your repository so that your code will work as expected.

Version Information

Current stable release is v0.1, last updated on October 23, 2012.


Feel free to file any issues on the project’s bug tracker.

Or, if you’re in a more philanthropic mood, consider leaving a Gittip.



  • Initial release

Project details

Release history Release notifications

History Node


History Node


This version
History Node


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date
lucido-0.1.tar.gz (6.2 kB) Copy SHA256 hash SHA256 Source None Oct 23, 2012

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging CloudAMQP CloudAMQP RabbitMQ AWS AWS Cloud computing Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page