JSON redact keys
ClientList key names to mask—values become [REDACTED] everywhere those keys appear. Use before pasting payloads into tickets or chat.
Learn more: redacting keys
Walk objects and arrays; when a property name matches your list, replace its value with a fixed placeholder string.
Safety
This is a best-effort scrubber—not a guarantee of removing all secrets. Values inside strings or non-matching keys can still leak; review manually before sharing.
Redact keys
?
Matching is case-insensitive on object keys at every depth. Values are replaced with the string [REDACTED].
Common use cases
- Mask tokens, passwords, and API keys in sample payloads before pasting into tickets, chats, or public gists.
- Prepare log excerpts for screenshots where key names can stay visible but values must not.
- Iterate on a key list until the remaining JSON is safe enough for external review.
Common mistakes to avoid
Treating redaction as a security guarantee
Values can leak in neighboring fields, URLs, or base64 blobs. Review the whole document and remove unrelated secrets.
Missing secrets stored under uncommon key names
Add every variant you use (token, accessToken, bearer, apiKey). Case-insensitive matching helps but is not exhaustive.
FAQ
Is redaction performed on your servers?
No. Matching and replacement happen locally in your browser.
Does redaction remove keys or only values?
Listed keys keep their names; values are replaced with a placeholder so structure remains readable.
More tools
Related utilities you can open in another tab—mostly client-side.
JSON formatter
ClientJSON format online: pretty-print, minify, validate, escape, download .json.
JSON compare
ClientSide-by-side diff paths; sample pre-filled.
Encoding tools
ClientBase64 and URL on this page; hub lists hex, HTML entities, JWT, JSON helpers, crypto, and tokens.
Base64 in JSON
ClientFind string fields that look like Base64 and preview UTF-8 decoded text—local only.