Secret Redaction
AgentLogs automatically scans all transcripts for secrets and sensitive data before uploading. This ensures your API keys, tokens, passwords, and other credentials never leave your machine in plain text.
How It Works
When you sync or upload a transcript, the CLI applies two layers of protection:
- Sensitive file redaction — Contents of known secret-containing files (.env, .zshrc, SSH keys, etc.) are fully masked in Read and Write tool calls
- Pattern-based detection — All remaining text is scanned for 1,600+ secret patterns (API keys, tokens, credentials)
- Upload — Only the redacted version is sent to AgentLogs
Redaction happens entirely on your machine. Secrets are never sent to AgentLogs servers.
Sensitive File Redaction
In addition to pattern-based secret detection, AgentLogs fully redacts the contents of files commonly known to contain secrets. When a Read or Write tool call targets one of these files, the entire content is replaced with asterisks while preserving whitespace structure.
Files That Are Fully Redacted
| Category | Files |
|---|---|
| Environment files | .env, .env.local, .env.development, .env.production, .env.test, .env.staging, .env.dev, .env.prod, etc. |
| Shell configuration | .zshrc, .bashrc, .bash_profile, .profile, .zprofile, .zshenv |
| Shell history | .zsh_history, .bash_history |
| SSH keys | id_rsa, id_ed25519, id_ecdsa, id_dsa, *.pem, *.key |
| AWS credentials | .aws/credentials, .aws/config |
| Package managers | .npmrc, .yarnrc, .yarnrc.yml |
| Kubernetes | .kube/config, kubeconfig |
| Git credentials | .git-credentials, .netrc |
| Docker | .docker/config.json |
| Application secrets | secrets.yml, secrets.yaml, master.key, credentials.yml.enc, service-account.json |
Template files like .env.example, .env.sample, and .env.template are not redacted since they typically contain placeholder values meant to be shared.
Example
```
// Original .env file content in transcript
DATABASE_URL=postgres://admin:secret@db.example.com/myapp
API_KEY=sk-ant-abc123
// After redaction (structure preserved, all content masked)
***************************************************************
**********************
```
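The file-level rule described above, sketched as an added example (this is not AgentLogs' own code). The file names come from the table; the matching rules, the treatment of every `.env.*` variant as sensitive, and the function names are assumptions.

```python
import fnmatch
import re
from pathlib import PurePosixPath

# File names from the table above; how they are matched is an assumption.
SENSITIVE_NAMES = {
    ".zshrc", ".bashrc", ".bash_profile", ".profile", ".zprofile", ".zshenv",
    ".zsh_history", ".bash_history",
    "id_rsa", "id_ed25519", "id_ecdsa", "id_dsa",
    ".npmrc", ".yarnrc", ".yarnrc.yml", "kubeconfig",
    ".git-credentials", ".netrc",
    "secrets.yml", "secrets.yaml", "master.key", "credentials.yml.enc",
    "service-account.json",
}
SENSITIVE_GLOBS = ("*.pem", "*.key")
# Entries that only count when the parent directory matches too.
SENSITIVE_SUFFIXES = (".aws/credentials", ".aws/config",
                      ".kube/config", ".docker/config.json")
TEMPLATE_ENV = {".env.example", ".env.sample", ".env.template"}


def is_sensitive_file(path: str) -> bool:
    """Decide whether a Read/Write target should be fully masked."""
    p = PurePosixPath(path.replace("\\", "/"))
    name = p.name
    if name in TEMPLATE_ENV:            # shared placeholders stay readable
        return False
    if name == ".env" or name.startswith(".env."):
        return True
    if name in SENSITIVE_NAMES:
        return True
    if any(fnmatch.fnmatchcase(name, g) for g in SENSITIVE_GLOBS):
        return True
    posix = "/" + p.as_posix().lstrip("/")
    return any(posix.endswith("/" + s) for s in SENSITIVE_SUFFIXES)


def mask_content(text: str) -> str:
    """Mask every non-whitespace character; newlines and indentation survive."""
    return re.sub(r"\S", "*", text)


def redact_tool_call(path: str, content: str) -> str:
    """Return the content as it would appear in the uploaded transcript."""
    return mask_content(content) if is_sensitive_file(path) else content
```
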
Pattern-Based Secret Detection
The scanner includes 1,600+ patterns covering secrets from major services and platforms:
AI & ML Providers
| Provider | Pattern Example |
|---|---|
| OpenAI | sk-..., sk-proj-... |
| Anthropic | sk-ant-... |
| HuggingFace | hf_... |
| Replicate | r8_... |
Authentication Tokens
| Type | Pattern Example |
|---|---|
| JWT | eyJ... |
| Bearer tokens | Bearer ... |
| OAuth secrets | client_secret=... |
| GitHub PAT | github_pat_..., ghp_..., gho_... |
| GitLab PAT | glpat-... |
Database Connection Strings
| Database | Pattern Example |
|---|---|
| PostgreSQL | postgres://user:pass@host/db |
| MongoDB | mongodb+srv://user:pass@host/db |
| MySQL | mysql://user:pass@host/db |
| Redis | redis://user:pass@host |
Cloud & DevOps
| Service | Pattern Example |
|---|---|
| AWS | Access keys, ARNs |
| Stripe | pk_live_..., sk_live_... |
| SendGrid | SG.... |
| Sentry DSN | https://...@sentry.io/... |
| Discord | Bot tokens, webhooks |
| Telegram | Bot tokens |
Generic Patterns
The scanner also detects common secret formats:
- Private keys (-----BEGIN RSA PRIVATE KEY-----)
- Generic API keys (api_key=..., apikey:...)
- Password fields (password=..., passwd:...)
- Secret fields (secret=..., client_secret:...)
Length-Preserving Redaction
Secrets are redacted while preserving string length and JSON structure. This ensures transcripts remain valid and parseable after redaction.
```
// Before
"Authorization": "Bearer sk-ant-api03-abc123..."
// After
"Authorization": "Bearer ************************"
```
Structural characters like quotes, colons, and brackets are preserved so JSON remains valid.
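An added example of length-preserving redaction applied to raw JSON text (not AgentLogs' own code). The four patterns are simplified stand-ins for formats listed on this page, masking only the password portion of a connection string is an assumption, and the transcript is constructed.

```python
import json
import re

# Simplified stand-ins, not the scanner's real expressions. Each pattern
# names the span to mask as group "secret"; the character classes exclude
# quotes and backslashes so a mask can never touch JSON structure.
PATTERNS = [
    re.compile(r"Bearer\s+(?P<secret>[A-Za-z0-9._\-]{8,})"),
    re.compile(r"(?P<secret>sk-ant-[A-Za-z0-9_\-]{6,})"),
    re.compile(r"(?P<secret>gh[po]_[A-Za-z0-9]{20,})"),
    # password-in-URL: mask only the password (assumption)
    re.compile(r"[a-z+]+://[^\s:/\"\\@]+:(?P<secret>[^\s\"\\@]+)@"),
]


def redact_text(raw: str) -> str:
    """Overwrite each matched secret span with the same number of asterisks."""
    chars = list(raw)
    for pattern in PATTERNS:
        for m in pattern.finditer(raw):
            start, end = m.span("secret")
            chars[start:end] = "*" * (end - start)
    return "".join(chars)


def redact_transcript(raw: str) -> str:
    """Redact serialized JSON and verify both invariants before returning."""
    redacted = redact_text(raw)
    if len(redacted) != len(raw):
        raise ValueError("redaction changed the transcript length")
    json.loads(redacted)  # raises ValueError if structure was damaged
    return redacted


# Constructed transcript fragment; none of these values are real.
SAMPLE = json.dumps({
    "tool": "Bash",
    "headers": {"Authorization": "Bearer sk-ant-api03-abc123-constructed"},
    "output": "DATABASE_URL=postgres://admin:hunter2@db.example.com/myapp",
    "note": "no secrets here",
}, indent=2)

if __name__ == "__main__":
    print(redact_transcript(SAMPLE))
```
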
Pattern Sources
The scanner uses patterns from secrets-patterns-db, a community-maintained database of secret detection patterns.
We’ve added custom patterns on top for better coverage of AI tools and modern services:
| Category | Custom Patterns Added |
|---|---|
| AI Providers | OpenAI, Anthropic, Cohere, HuggingFace, Replicate |
| Authentication | JWT, OAuth client secrets, Bearer tokens, Google OAuth |
| Git Platforms | GitHub fine-grained PATs, GitLab PATs and runner tokens |
| Database URIs | MongoDB, PostgreSQL, MySQL, Redis, JDBC, password-in-URL |
| Cloud & DevOps | DigitalOcean, Vault, CircleCI, New Relic, Sentry DSN, Cloudinary |
| Messaging | Discord bot tokens and webhooks, Telegram bots, Microsoft Teams webhooks |
| Payment | Stripe publishable keys, PayPal Braintree, Square |
| Services | SendGrid, Mailgun, MailChimp, Shopify, Dropbox, Asana, Linear |
| Generic | API keys, secrets, tokens, private key blocks, certificates |
Additional pattern sources:
Limitations
While the scanner catches the vast majority of secrets, it cannot detect:
- Custom or proprietary secret formats
- Secrets that don’t match common patterns
- Encrypted or encoded secrets (base64-wrapped, etc.)
For maximum security, we recommend also using allowlist mode to control exactly which repositories are captured. See Permissions for details.
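The encoded-secret limitation listed above, shown with a supplementary check you could run over a transcript yourself before syncing. This is an added example and not an AgentLogs feature: the single token pattern is a simplified stand-in, the base64 heuristic and function names are assumptions, and the sample values are constructed.

```python
import base64
import binascii
import re

TOKEN = re.compile(r"sk-ant-[A-Za-z0-9_\-]{6,}")   # simplified stand-in
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")  # candidate base64 blobs

# Constructed sample: the same fake token, plain and base64-wrapped.
BLOB = base64.b64encode(b"sk-ant-constructed-0001").decode()
WRAPPED = "export KEY_B64=" + BLOB


def plain_hits(text: str) -> list:
    """Spans a pattern scanner finds in the text as written."""
    return [m.span() for m in TOKEN.finditer(text)]


def encoded_hits(text: str) -> list:
    """Spans of base64 runs whose decoded form contains a known pattern."""
    hits = []
    for m in B64_RUN.finditer(text):
        try:
            decoded = base64.b64decode(m.group(), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64, so not a wrapped secret
        if TOKEN.search(decoded.decode("utf-8", errors="ignore")):
            hits.append(m.span())
    return hits


def redact_encoded(text: str) -> str:
    """Mask whole encoded blobs, keeping the text length unchanged."""
    chars = list(text)
    for start, end in encoded_hits(text):
        chars[start:end] = "*" * (end - start)
    return "".join(chars)


if __name__ == "__main__":
    print(plain_hits(WRAPPED))      # the pattern alone sees nothing
    print(redact_encoded(WRAPPED))  # the decode-and-rescan pass masks the blob
```

This only covers single-layer standard base64; custom formats and other encodings still fall under the limitations above.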