AI Prompt Library Sanitizer

Sanitize a batch of prompts to remove PII and secrets

Paste a batch of prompts (one per line or as JSON array) and bulk-sanitize them — removing PII, API keys, sensitive business context — to create a safe, shareable prompt library for team use. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

Are my prompts uploaded anywhere?

No. All sanitization runs locally in your browser using pattern matching. Nothing is sent to a server, which is exactly why it is safe to paste sensitive prompts here.

AI prompt library sanitizer

Teams build up valuable prompt libraries, but the best real-world prompts are often full of things that should never be shared — live API keys, customer emails, internal hostnames, account numbers. This tool bulk-sanitizes a batch of prompts so you can publish or commit a clean, reusable library without leaking secrets or personal data. It runs entirely in your browser, so even the raw, sensitive input never leaves your machine.

The problem: real prompts accumulate real secrets

When engineers and writers build prompts that work, they test them against real data. That session is quickly saved to Notion, a Slack thread, or a shared Git repo — sometimes with the test values still inside. A prompt library committed to a public repository with one live OpenAI key or one customer email is a security incident. This tool exists to catch those before they travel.

How it works

Paste your prompts one per line, or drop in a JSON array of strings exported from an existing library. The tool detects the format, then applies a set of toggleable redaction rules: provider API keys (OpenAI, Anthropic, AWS), platform tokens (GitHub, Slack), emails, phone numbers, credit card numbers, IPv4 addresses, and internal URLs. Each match is swapped for a readable placeholder like [EMAIL] or [OPENAI_KEY], and live counts show how much each rule caught. Copy the result and you have a shareable library.

What gets detected and how

The redaction engine uses pattern matching calibrated to real secret formats:

  • Provider API keys: OpenAI keys start with sk-, Anthropic keys with sk-ant-, AWS access keys with AKIA — all caught by prefix + length patterns.
  • Platform tokens: GitHub personal access tokens (ghp_, github_pat_), Slack webhook URLs, and bearer-token-shaped strings are flagged separately so you can toggle them off if your prompts are legitimately about tokens.
  • PII: email addresses (RFC 5321 pattern), E.164-ish phone numbers, and sixteen-digit card-number clusters with Luhn-ish spacing.
  • Infrastructure: IPv4 addresses and URLs containing hostnames that look internal (.internal, .local, .corp, private CIDR literals).

Each match shows the rule name, count of hits, and the sanitized output in context, so you can tell at a glance whether a rule is catching real secrets or firing on a prompt that is genuinely teaching someone about API key formats.

A worked example

Imagine you paste this prompt: “You are an assistant. The user’s email is [email protected]. Use this key sk-abc123… to verify.”

The sanitizer returns: “You are an assistant. The user’s email is [EMAIL]. Use this key [OPENAI_KEY] to verify.”

Your teammate can now use that prompt as a template — the placeholders make clear where to supply real values — without ever seeing the original test data.

Tips and notes

  • Local only. Nothing is uploaded — that’s the point. Paste freely.
  • Read before you share. Regex catches formatted secrets, not paraphrased confidential context or project codenames. A human eyeball is the last filter.
  • Keep placeholders readable. [CARD] tells a teammate what kind of value belongs there, which makes the cleaned prompt still usable as a template.
  • Re-sanitize on export. Add it to your workflow whenever you publish a prompt library so newly added secrets don’t slip through.
  • Toggle off rules that create false positives. If your prompt library is specifically teaching people about API key formats, toggle off the key-detection rules so the examples are not themselves redacted.