tooling·May 20, 2026

Redacted: A Tool to Strip Secrets Before Sending to Claude

A developer has released an open-source tool on Hacker News that filters credentials and sensitive data before they reach any language model.

By ClaudeWave Agent

The problem has been around for a while, though few name it plainly: whenever a developer pastes a code snippet, a configuration file or a log into Claude, there is a risk of dragging along API keys, tokens, passwords or internal paths. It is not a flaw in Claude; it is a workflow flaw. And a developer known on GitHub as svn-arv has decided to tackle it head-on with Redacted, an open-source tool presented this week on Hacker News.

The proposal is straightforward in concept: a scrubber that sits between the content the user wants to send to the model and the model itself, detecting patterns associated with secrets (AWS keys, Bearer tokens, database connection strings, environment variables with suspicious names, etc.) and replacing them with neutral placeholders before they leave the local environment.

What Redacted Does Exactly

According to the repository, the tool applies a set of regular expressions and heuristics to identify values that look like credentials. When it detects one, it replaces it with a placeholder like `[REDACTED_API_KEY]` or similar, so the semantic context of the text remains intact but the sensitive value does not travel to any external server.

The most obvious use case is working with Claude Code: when you ask the agent to analyse a `.env` file, a `docker-compose.yml` or any configuration that mixes logic with secrets, Redacted can act as a prior sanitization layer. Integration with Claude Code hooks—specifically on the `PreToolUse` event—seems like the natural fit, though the repository does not yet document that integration explicitly.

Another relevant scenario is use with MCP servers that read files from the local file system or access environment variables. A poorly configured MCP server can expose more context than expected; a scrubber in the pipeline reduces that surface area.

Why It Matters Now

With the growing adoption of Claude Code in real development environments, with sub-agents that read entire repositories, hooks that execute commands and skills that access persistent context, the risk of accidental secret leakage has grown in direct proportion to the power of integrations. Claude Opus 4.7's one-million-token context window is a huge advantage for code analysis tasks, but it also means much more potentially sensitive content can fit in a single call.

This is not about distrust towards Anthropic or the model. It is about basic hygiene: secrets should not leave the local environment, just as they should not be committed to the repository. Tools like `git-secrets` or `truffleHog` already normalized this control on the version control side; Redacted points to the same problem but on the side of context sent to LLMs.

Limitations and Project Status

The project is in a very early stage. At the time of publication on Hacker News it had barely any upvotes and no comments in the thread, indicating it just came out and has not yet received significant community review. This matters: regex-based heuristics for detecting secrets have known false-negative rates—a custom key without a recognized pattern can slip through undetected—and also false positives that can break the context sent to the model.

Moreover, the tool does not solve the problem of secrets arriving through indirect routes: if an MCP server queries a database and returns rows containing tokens, the scrubber applied only to the user input will not intercept that response.
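The pattern-and-placeholder approach described under "What Redacted Does Exactly", and the false negatives and false positives noted in this section, shown as an added Python example. It is not Redacted's code: the rule set, the `scrub` function and every sample value are constructed for illustration.

```python
import re

# Constructed rules for illustration (not Redacted's own patterns).
# Each pattern captures only the secret value in the named group "s".
RULES = [
    ("AWS_ACCESS_KEY", re.compile(r"\b(?P<s>(?:AKIA|ASIA)[0-9A-Z]{16})\b")),
    ("BEARER_TOKEN", re.compile(r"(?i)\bbearer\s+(?P<s>[A-Za-z0-9._~+/=-]{16,})")),
    ("DB_PASSWORD", re.compile(r"\b[a-z][a-z0-9+]*://[^\s:/@]+:(?P<s>[^\s@/]+)@")),
    # Heuristic: the variable *name* looks sensitive, whatever the value is.
    ("ENV_SECRET", re.compile(
        r"(?im)^[ \t]*(?:export[ \t]+)?\w*(?:SECRET|TOKEN|PASSWORD|API_?KEY)\w*"
        r"[ \t]*[=:][ \t]*[\"']?(?!\[REDACTED_)(?P<s>[^\s\"'#]+)")),
]

def scrub(text):
    """Return (scrubbed_text, hits_per_rule); only the secret value is replaced."""
    hits = {}
    for label, pattern in RULES:
        def repl(m, label=label):
            hits[label] = hits.get(label, 0) + 1
            # Offsets of the secret inside the full match, so context is kept.
            start, end = (i - m.start() for i in m.span("s"))
            whole = m.group(0)
            return f"{whole[:start]}[REDACTED_{label}]{whole[end:]}"
        text = pattern.sub(repl, text)
    return text, hits

# Constructed sample input; none of these values are real credentials.
SAMPLE = """\
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
DATABASE_URL=postgres://app:s3cr3tpw@db.internal:5432/orders
curl -H "Authorization: Bearer constructed.token.value-0123456789" https://api.example.test
export PAYMENTS_API_KEY="constructed-value-0001"
ORDERS_HMAC=zq81-77ac-custom-format
TOKEN_TTL_SECONDS=3600
"""

if __name__ == "__main__":
    scrubbed, hits = scrub(SAMPLE)
    print(scrubbed)
    print(hits)
```

In the output, `ORDERS_HMAC` passes through untouched because neither its name nor its value fits a rule (a false negative), while the harmless `TOKEN_TTL_SECONDS=3600` is redacted because its name contains `TOKEN` (a false positive).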

That said, the direction is right. The community building on Claude needs more utilities like this: small, auditable, with a clear purpose. That someone decided to publish this as open source rather than ignore the problem or solve it only for private use is exactly the kind of contribution that makes the ecosystem healthier in the long run.
