PitchHut logo
Safeguard your logs before sharing with ease.
Pitch

ShareClean is a Python CLI tool designed to redact sensitive information from logs and outputs prior to sharing. Running locally and without any APIs, it identifies and replaces secrets while preserving context, enabling safe sharing in GitHub issues, support tickets, or chats.

Description

ShareClean is an innovative local-first Python CLI tool designed to enhance the safety of sharing sensitive information in developer outputs. This tool effectively cleans logs, stack traces, configuration snippets, terminal output, and URLs, ensuring that personal information, secrets, and tokens are redacted before sharing in public or semi-public forums such as GitHub issues, Slack messages, or AI chat interactions.

Key Features

  • Local Processing: Runs entirely on your machine without requiring any accounts, API keys, network calls, or telemetry, providing a straightforward and private experience.
  • Effective Redaction: Automatically identifies and replaces sensitive information, such as passwords, API keys, and email addresses, while preserving the useful context surrounding them. For example:
    Before
    ------
    DATABASE_URL=postgresql://app:fake-db-password@db.example.com/shareclean
    Authorization: Bearer fake-bearer-token
    callback=https://example.com/callback?token=fake-url-token&safe=1
    
    After
    -----
    DATABASE_URL=postgresql://app:[REDACTED]@db.example.com/shareclean
    Authorization: Bearer [REDACTED]
    callback=https://example.com/callback?token=[REDACTED]&safe=1
    
  • Broad Coverage: Redacts various types of sensitive data, including but not limited to:
    • Passwords, API keys, and access tokens
    • Authorization headers
    • URL query parameters containing secrets
    • Personal identifiers such as email addresses and local usernames
    • Custom regex patterns to fit specific needs

Quick Start Commands

Utilize ShareClean easily with commands such as:

# Print cleaned output to stdout
shareclean app.log

# Write a cleaned copy to a file
shareclean app.log --output app.cleaned.log

# Read from stdin
cat app.log | shareclean

# Generate a safe metadata-only report
shareclean app.log --report

ShareClean ensures that the original input file remains intact, providing a safe way to share information without compromising sensitive data.

CI Integration

For continuous integration, use the --check flag to validate outputs without altering any files:

shareclean app.log --check
shareclean app.log --check --fail-on severity:high

Customization Options

Configure ShareClean for your project with a .shareclean.toml file or by integrating settings into your pyproject.toml:

redact_email = true
redact_private_ip = true
redaction_label = "[REDACTED]"
fail_on = ["severity:high"]
custom_patterns = [
  { name = "Employee ID", pattern = "EMP-[0-9]{6}", category = "credential", severity = "high" },
]

Important Note

Though ShareClean serves as a robust last-check tool for safeguarding the sharing of text outputs, it should not be viewed as a substitute for GitHub Secret Scanning, Gitleaks, or other similar tools. Its strength lies in its ability to provide an additional layer of security, ensuring that potentially sensitive information does not get shared by accident.

Explore more about ShareClean and try it locally or via the browser playground to see its capabilities in action.

0 comments

No comments yet.

Sign in to be the first to comment.