Paste secret scan
ClientA read-only pass over plain text: where sensitive-looking substrings appear, with line numbers and masked previews. When you need a redacted copy, use paste redact.
Report-only workflow
Matches follow the same order as the redaction tool so overlapping spans are not double-counted. Use the checklist to toggle categories when you know part of the paste is benign.
Plain text
?
This only lists likely matches with masked previews—it does not modify your text. Use paste redact to produce a shareable copy. Patterns are regex heuristics, not a full DLP audit.
Matches: 5(email 1, phone 1, jwt 1, bearer 0, URL 1, vendor 1)
| # | Kind | Line:col | Preview |
|---|---|---|---|
| 1 | 3:8 | enginee…example | |
| 2 | Phone | 4:9 | 1 (415)…55-0199 |
| 3 | URL user:pass | 5:6 | https:/…/job/42 |
| 4 | JWT | 6:23 | eyJhbGc…gnature |
| 5 | Vendor-style key | 7:6 | sk-1234…6789012 |
Common use cases
- Review a log or ticket paste for obvious leaks before opening it in a chat assistant.
- Decide whether redaction is needed by counting JWT and Bearer hits at a glance.
- Pair with JSON key redact when the payload is structured data.
Common mistakes to avoid
Assuming “zero matches” means safe
Hex blobs, private keys in odd formats, or renamed variables can still be sensitive. This tool only catches common regex shapes.
Sharing the original text after scanning
Scanning does not remove secrets. Copy from the redact tool when you need a clean version.
FAQ
Is text sent to a server?
No. Matching runs entirely in your browser.
Why previews look truncated?
Long tokens are shortened in the table so you can spot the kind of leak without expanding full secrets on screen.
Common search terms
Phrases people search for that match this tool. See the full long-tail keyword index.
- find secrets in pasted log
- scan text for api keys offline
More tools
Related utilities you can open in another tab—mostly client-side.
Paste redact for AI
ClientMask emails, phones, JWTs, Bearer tokens, URL credentials, and common vendor key shapes in plain text before pasting into chat—heuristic, browser-only.
JSON redact keys
ClientMask values by key name recursively—case-insensitive; local only.
Prompt structure checklist
ClientHeuristic checklist for LLM prompts—role, task, output format, constraints, examples—pattern-based in the browser, no API.
LLM token estimate
ClientRough character-based token planning for prompts and context—CJK-aware heuristic, browser-only—not tokenizer-exact.