promptsanitizer

Secrets firewall for AI pipelines — redact credentials and PII before they reach (or leave) LLMs.

Install

pip install promptsanitizer
# with LLM middleware
pip install "promptsanitizer[openai]"
pip install "promptsanitizer[anthropic]"
pip install "promptsanitizer[all]"

Quick start

from promptsanitizer import Firewall

fw = Firewall()
safe = fw.clean("My key is sk-proj-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx and email is dev@example.com")
print(safe)
# My key is [REDACTED:openai_key] and email is [REDACTED:email]

Policies

Policy                  Behaviour
Policy.default()        Redact all findings (default)
Policy.strict()         Block on any credential, redact PII
Policy.audit()          Allow everything through, only record findings
Policy.custom(rules)    Per-DataClass action map

from promptsanitizer import Firewall, Policy, BlockedError

# Block on credentials
fw = Firewall(policy=Policy.strict())
try:
    fw.clean("token: ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
except BlockedError as e:
    print(e)
    # Blocked: detected github_token in text

# Audit mode — nothing redacted, everything logged
fw = Firewall(policy=Policy.audit())
out = fw.clean("SSN: 123-45-6789")
print(out)
# SSN: 123-45-6789

print(fw.findings)
# [Finding(data_class=<DataClass.SSN: 'ssn'>, severity=<Severity.CRITICAL: 'critical'>,
#          compliance_tags=[HIPAA, GDPR, SOC2], start=5, end=16,
#          matched_value='123-45-6789', placeholder='[REDACTED:ssn]', direction='inbound')]
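The audit output above shows that each Finding keeps the raw matched_value, so writing findings verbatim to a log or SIEM copies the secret there. The following is an added example, not promptsanitizer code: `FindingRecord` is a stand-in dataclass mirroring the fields printed above, and `log_safe`, `to_log_line` and `FINGERPRINT_KEY` are hypothetical names.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, asdict

# Stand-in for the Finding fields shown in the audit output above
# (assumption: the real class is not imported, so this runs offline).
@dataclass
class FindingRecord:
    data_class: str
    severity: str
    compliance_tags: list
    start: int
    end: int
    matched_value: str
    placeholder: str
    direction: str

# Hypothetical per-deployment key; load it from a secret store in practice.
FINGERPRINT_KEY = b"constructed-demo-key"

def log_safe(finding, key=FINGERPRINT_KEY):
    """Return a dict for logging: raw value dropped, keyed fingerprint kept."""
    record = asdict(finding)
    raw = record.pop("matched_value")
    # A keyed HMAC lets analysts correlate repeats of the same secret; unlike a
    # plain hash it cannot be brute-forced offline for low-entropy values
    # such as SSNs, as long as the key stays secret.
    digest = hmac.new(key, raw.encode(), hashlib.sha256).hexdigest()
    record["fingerprint"] = digest[:16]
    return record

def to_log_line(finding):
    """Serialise the log-safe record as one JSON line."""
    return json.dumps(log_safe(finding), sort_keys=True)

# Constructed sample mirroring the audit example on this page.
sample = FindingRecord("ssn", "critical", ["hipaa", "gdpr", "soc2"], 5, 16,
                       "123-45-6789", "[REDACTED:ssn]", "inbound")

if __name__ == "__main__":
    print(to_log_line(sample))
```
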

Custom patterns

import re
from promptsanitizer import Firewall, SecretPattern, DataClass, Severity, ComplianceTag

pattern = SecretPattern(
    name="internal_token",
    data_class=DataClass.GENERIC_API_KEY,
    regex=re.compile(r"INTERNAL-[A-Z0-9]{16}"),
    severity=Severity.HIGH,
    compliance_tags=[ComplianceTag.SOC2],
    placeholder="[REDACTED:internal_token]",
)
fw = Firewall()
fw.add_pattern(pattern)
print(fw.clean("Use token INTERNAL-ABCDEF1234567890 for staging"))
# Use token [REDACTED:internal_token] for staging
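Before registering a custom pattern, check what it leaves behind on near-miss input. This added example is not part of promptsanitizer: `residue` and `check_pattern` are hypothetical helpers using only `re`, the samples are constructed, and the longer token and the `{16,}` variant are assumptions for illustration.

```python
import re

PLACEHOLDER = "[REDACTED:internal_token]"
PAGE_REGEX = re.compile(r"INTERNAL-[A-Z0-9]{16}")      # pattern from the snippet above
WIDENED_REGEX = re.compile(r"INTERNAL-[A-Z0-9]{16,}")  # assumed variant for longer tokens

def residue(regex, text, secret):
    """Return the longest piece of `secret` (4+ chars) still visible after redaction."""
    cleaned = regex.sub(PLACEHOLDER, text)
    for size in range(len(secret), 3, -1):
        for i in range(len(secret) - size + 1):
            if secret[i:i + size] in cleaned:
                return secret[i:i + size]
    return ""

def check_pattern(regex, must_redact, must_keep):
    """Return a list of (kind, text, detail) failures; empty means the pattern passed."""
    failures = []
    for text, secret in must_redact:
        left = residue(regex, text, secret)
        if left:
            failures.append(("leak", text, left))
    for text in must_keep:
        hit = regex.search(text)
        if hit:
            failures.append(("false_positive", text, hit.group()))
    return failures

# Constructed samples: (text, secret that must not survive redaction).
MUST_REDACT = [
    ("Use token INTERNAL-ABCDEF1234567890 for staging", "INTERNAL-ABCDEF1234567890"),
    ("url=https://ci.example/?t=INTERNAL-ABCDEF1234567890&x=1", "INTERNAL-ABCDEF1234567890"),
    # Assumed longer token: a fixed {16} quantifier redacts only its first part.
    ("rotated: INTERNAL-ABCDEF1234567890WXYZ9876", "INTERNAL-ABCDEF1234567890WXYZ9876"),
]
# Constructed text that must pass through unchanged.
MUST_KEEP = ["HTTP 500 INTERNAL-SERVER-ERROR", "see INTERNAL-DOCS for details"]

if __name__ == "__main__":
    print(check_pattern(PAGE_REGEX, MUST_REDACT, MUST_KEEP))
    print(check_pattern(WIDENED_REGEX, MUST_REDACT, MUST_KEEP))
```
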

Directions

from promptsanitizer import Firewall, Direction

fw = Firewall()
print(fw.clean("key sk-proj-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", direction=Direction.INBOUND))
# key [REDACTED:openai_key]

print(fw.clean("token ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", direction=Direction.OUTBOUND))
# token [REDACTED:github_token]

# Direction is recorded on each Finding and appears in the compliance report
print({f.direction for f in fw.findings})
# {'inbound', 'outbound'}

Compliance report

from promptsanitizer import Firewall

fw = Firewall()
fw.clean("card: 4111111111111111")
fw.clean("ssn: 123-45-6789")
print(fw.report().summary())
# Generated : 2026-04-10T21:36:30.895934+00:00
# Findings  : 2
#
# Severity breakdown:
#   critical   2
#
# Data class breakdown:
#   credit_card                    1
#   ssn                            1
#
# Compliance framework exposure:
#   pci_dss    1
#   hipaa      1
#   gdpr       2
#   soc2       2
#
# Direction:
#   inbound    2

OpenAI middleware

import openai
from promptsanitizer.middleware import PromptGuardOpenAI

client = PromptGuardOpenAI(openai.OpenAI())
# Prompts are automatically cleaned before sending; responses are scanned on return

Anthropic middleware

import anthropic
from promptsanitizer.middleware import PromptGuardAnthropic

client = PromptGuardAnthropic(anthropic.Anthropic())

CLI

$ echo "My key sk-proj-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" | promptguard clean
My key [REDACTED:openai_key]

$ promptguard scan "email: user@corp.com"
[MEDIUM  ] Email Address                       pos 7:20  (gdpr, hipaa, soc2)

1 finding(s) total.

Detected data classes

openai_key · anthropic_key · google_ai_key · aws_access_key · aws_secret_key · github_token · gitlab_token · stripe_key · twilio_token · sendgrid_key · generic_api_key · private_key · jwt_token · connection_string · password · email · phone · ssn · credit_card · ip_address

Compliance frameworks

HIPAA · GDPR · SOC2 · PCI-DSS

Development

pip install -e ".[dev]"
pytest

Download files

Source Distribution

promptsanitizer-1.0.0.tar.gz (15.6 kB)

Uploaded Source

Built Distribution

promptsanitizer-1.0.0-py3-none-any.whl (16.5 kB)

Uploaded Python 3

File details

Details for the file promptsanitizer-1.0.0.tar.gz.

File metadata

  • Download URL: promptsanitizer-1.0.0.tar.gz
  • Upload date:
  • Size: 15.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.7

File hashes

Hashes for promptsanitizer-1.0.0.tar.gz
Algorithm Hash digest
SHA256 6a8e76610dc5e388756c492c532b61655198cd84be6b72e61aa5f4e5aa4735ad
MD5 e7dc44eb8c84b5769590ab5570e65f9e
BLAKE2b-256 326affc050663130a28ca3bc39619ac9f261cda279bb5da1a6ef1e01e0900670

File details

Details for the file promptsanitizer-1.0.0-py3-none-any.whl.

File hashes

Hashes for promptsanitizer-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 ccc1878d881aa7eeaa22cf7ccd475635c42332a4e5bb9b6aef722af5b752b77b
MD5 40922019d2a1f3f413358a1f7a1b08d0
BLAKE2b-256 1fbd671cd853e828266bb82c484de6683ea669df863bc35d705bd35f65111ad1
