Secrets firewall for AI pipelines — redact credentials, PII, prompt injection, and RCE payloads before they reach LLMs
Project description
promptsanitizer
Secrets firewall for AI pipelines.
promptsanitizer helps redact, block, and audit sensitive data before it reaches an LLM — and before risky model outputs leave your application.
Why this exists
AI systems often pass user input, retrieved documents, tool outputs, and model responses through LLMs. That text can contain API keys, credentials, PII, or prompt injection attempts.
What it checks
- API keys, tokens, passwords, private keys, and cloud credentials
- PII such as emails, phone numbers, SSNs, credit cards, and IP addresses
- Prompt injection and jailbreak-style instructions
- Risky code execution patterns
- Exfiltration indicators such as internal URLs, metadata endpoints, and webhook-style payloads
Install
pip install promptsanitizer
Optional integrations:
pip install "promptsanitizer[openai]"
pip install "promptsanitizer[anthropic]"
pip install "promptsanitizer[all]"
Quick Start
from promptsanitizer import Firewall
fw = Firewall()
text = "My API key is sk-proj-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
safe_text = fw.clean(text)
print(safe_text)
My API key is [REDACTED:openai_key]
Core features
- Inbound prompt scanning
- Outbound response scanning
- Redaction, blocking, and audit-only modes
- Default, strict, audit, and custom policies
- CLI support
- OpenAI and Anthropic middleware wrappers
- Compliance-style findings and reports
- Custom detection patterns
Who should use this
- AI engineers
- ML platform teams
- Security engineers
- Researchers
- Teams building agents, RAG systems, copilots, and AI assistants
Examples
Detailed examples are kept in the examples/ folder to keep this README simple.
examples/
basic_clean.py
strict_policy.py
custom_policy.py
prompt_injection_detection.py
outbound_response_scan.py
compliance_report.py
openai_middleware.py
anthropic_middleware.py
cli_scan.sh
cli_report.sh
CLI
promptsanitizer scan "email: dev@example.com"
promptsanitizer clean "my key is sk-proj-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
promptsanitizer report --file prompt.txt
Where it fits
User input
-> promptsanitizer
-> LLM / agent / RAG pipeline
-> promptsanitizer
-> user / logs / downstream systems
Limitations
promptsanitizer is a defensive scanning layer, not a complete security boundary. Use it alongside access controls, secret management, logging controls, tool isolation, and output validation.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file promptsanitizer-1.1.1.tar.gz.
File metadata
- Download URL: promptsanitizer-1.1.1.tar.gz
- Upload date:
- Size: 17.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1a84f692b6616e54f49b07f819cdd0aca46b57aac2faa6f542e39e6a2f73d314
|
|
| MD5 |
060fdfd4c874bfd4ce3e7a534f1f62a3
|
|
| BLAKE2b-256 |
1ed1485b3d36f241b120d9f41b8fbf24d36f2a9916130613702be130f0c3746f
|
File details
Details for the file promptsanitizer-1.1.1-py3-none-any.whl.
File metadata
- Download URL: promptsanitizer-1.1.1-py3-none-any.whl
- Upload date:
- Size: 18.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6cde76bd90c501da5dc20a53b0867b079a89618f66062ef08202e2dbd793c68e
|
|
| MD5 |
5f65fa7e83750f0dd81cf4b4bb642d5b
|
|
| BLAKE2b-256 |
8a128daf7236704e43d2c319cf967ceb3804d372f4f8c669d5fc25f3ee927196
|
