Shhh is a high-speed PII masker designed to replace sensitive information with realistic, structurally identical fakes. Ideal for securing passwords, emails, and API keys, Shhh ensures AI tools can still function effectively without exposing original data. Easily integrate it into workflows, protecting privacy with confidence.
Shhh is a high-performance PII masker designed to enhance data privacy by replacing sensitive information with realistic fakes. The original data remains unseen, while AI and machine learning tools can still reason about the structure of the data. The masking process preserves the format of personally identifiable information (PII) such as passwords, API keys, JWTs, SSNs, and emails, so downstream applications keep working without exposure to sensitive data.
Key Features
- Deterministic Replacement: Generates consistent fakes for identical inputs and session IDs, allowing for repeatable results every time.
- Structured Validity: Maintains structural integrity with valid formats for credit cards (Luhn-valid), JWTs, RFC 5737 IPs, and real email formats.
- Comprehensive Detection: Utilizes four distinct detection methods in a single linear scan, reducing overhead. These methods include:
  - Structural: Identifies common formats such as JWTs, AWS keys, and credit cards using a master regex.
  - Contextual: Looks for keyword proximity to capture PII associated with specific labels like token: or password=.
  - Entropy Analysis: Examines the likelihood of high-entropy tokens appearing in suspicious contexts.
  - Bare Token Detection: Detects high-entropy tokens that appear in free text, ensuring thorough coverage.
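One way to get the deterministic, structurally valid replacement listed above, shown for credit cards and IPv4 addresses. This is an added example, not Shhh's own code: keying HMAC-SHA256 on the session ID and the names fake_card, fake_ipv4, luhn_check_digit and luhn_valid are assumptions made for illustration, and the inputs in the comments are constructed.

```python
import hashlib
import hmac
import re

# RFC 5737 documentation ranges: reserved, never routed on the public Internet.
RFC5737_PREFIXES = ("192.0.2", "198.51.100", "203.0.113")

def _stream(session_id: str, original: str) -> bytes:
    """Keyed digest: the same session ID and input always give the same bytes."""
    return hmac.new(session_id.encode(), original.encode(), hashlib.sha256).digest()

def luhn_check_digit(payload: str) -> int:
    """Return the digit that makes payload + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:  # these positions are doubled once the check digit is appended
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10

def luhn_valid(number: str) -> bool:
    """Luhn test over the digits of number, ignoring separators."""
    digits = re.sub(r"\D", "", number)
    return luhn_check_digit(digits[:-1]) == int(digits[-1])

def fake_card(original: str, session_id: str) -> str:
    """Replace every digit, keep separators and length, end on a valid check digit."""
    n = len(re.sub(r"\D", "", original))
    ds = _stream(session_id, original)
    payload = "".join(str(ds[i % len(ds)] % 10) for i in range(n - 1))
    digits = iter(payload + str(luhn_check_digit(payload)))
    return re.sub(r"\d", lambda _: next(digits), original)

def fake_ipv4(original: str, session_id: str) -> str:
    """Map any IPv4 address to a host in one of the RFC 5737 ranges."""
    ds = _stream(session_id, original)
    return f"{RFC5737_PREFIXES[ds[0] % 3]}.{1 + ds[1] % 254}"

if __name__ == "__main__":
    # Constructed sample values: a well-known test card number and a private IP.
    print(fake_card("4111 1111 1111 1111", "session-a"))
    print(fake_ipv4("10.20.30.40", "session-a"))
```

In this example the session ID is the HMAC key, so the same value masked under two different session IDs yields unrelated fakes, while repeated runs within one session stay consistent.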
Usage Examples
Shhh can be easily integrated into various workflows, whether it be through direct piping or file manipulation. Here are some examples:
# Sanitizing a JSON string with sensitive data
echo '{"password":"hunter2","email":"real@corp.com"}' | shhh
# Output: {"password":"correct449!sto","email":"fake.user@mailtest.net"}
# Processing a file
cat secrets.env | shhh | your-tool
# Launching commands while sanitizing
shhh --file ./secrets.env launch any-command
Shhh also supports live interception of pasted data, making it a powerful tool for maintaining privacy in interactive environments:
shhh launch any-tool # Use with any AI tool
The tool is designed with privacy in mind: no original values are stored or logged during the process. Shhh does not guarantee 100% detection accuracy; false negatives can occur, so continuous evaluation is advised.
For further exploration, a browser-based playground can be accessed to test and observe how Shhh works in real time, ensuring transparency in how sensitive information is handled.