AI prompt library sanitizer
Teams build up valuable prompt libraries, but the best real-world prompts are often full of things that should never be shared — live API keys, customer emails, internal hostnames, account numbers. This tool bulk-sanitizes a batch of prompts so you can publish or commit a clean, reusable library without leaking secrets or personal data. It runs entirely in your browser, so even the raw, sensitive input never leaves your machine.
The problem: real prompts accumulate real secrets
When engineers and writers build prompts that work, they test them against real data. That session is quickly saved to Notion, a Slack thread, or a shared Git repo — sometimes with the test values still inside. A prompt library committed to a public repository with one live OpenAI key or one customer email is a security incident. This tool exists to catch those before they travel.
How it works
Paste your prompts one per line, or drop in a JSON array of strings exported from
an existing library. The tool detects the format, then applies a set of
toggleable redaction rules: provider API keys (OpenAI, Anthropic, AWS), platform
tokens (GitHub, Slack), emails, phone numbers, credit card numbers, IPv4
addresses, and internal URLs. Each match is swapped for a readable placeholder
like [EMAIL] or [OPENAI_KEY], and live counts show how much each rule caught.
Copy the result and you have a shareable library.
What gets detected and how
The redaction engine uses pattern matching calibrated to real secret formats:
- Provider API keys: OpenAI keys start with
sk-, Anthropic keys withsk-ant-, AWS access keys withAKIA— all caught by prefix + length patterns. - Platform tokens: GitHub personal access tokens (
ghp_,github_pat_), Slack webhook URLs, and bearer-token-shaped strings are flagged separately so you can toggle them off if your prompts are legitimately about tokens. - PII: email addresses (RFC 5321 pattern), E.164-ish phone numbers, and sixteen-digit card-number clusters with Luhn-ish spacing.
- Infrastructure: IPv4 addresses and URLs containing hostnames that look internal (
.internal,.local,.corp, private CIDR literals).
Each match shows the rule name, count of hits, and the sanitized output in context, so you can tell at a glance whether a rule is catching real secrets or firing on a prompt that is genuinely teaching someone about API key formats.
A worked example
Imagine you paste this prompt: “You are an assistant. The user’s email is [email protected]. Use this key sk-abc123… to verify.”
The sanitizer returns: “You are an assistant. The user’s email is [EMAIL]. Use this key [OPENAI_KEY] to verify.”
Your teammate can now use that prompt as a template — the placeholders make clear where to supply real values — without ever seeing the original test data.
Tips and notes
- Local only. Nothing is uploaded — that’s the point. Paste freely.
- Read before you share. Regex catches formatted secrets, not paraphrased confidential context or project codenames. A human eyeball is the last filter.
- Keep placeholders readable.
[CARD]tells a teammate what kind of value belongs there, which makes the cleaned prompt still usable as a template. - Re-sanitize on export. Add it to your workflow whenever you publish a prompt library so newly added secrets don’t slip through.
- Toggle off rules that create false positives. If your prompt library is specifically teaching people about API key formats, toggle off the key-detection rules so the examples are not themselves redacted.