Log & Data Redactor
Scrub secrets out of your logs before you share them — offline, single-file, zero installs.
Log & Data Redactor is a free, no-install command-line tool that scrubs sensitive data out of logs and text before you share them. Every developer has pasted a log into a ticket or chat and later realized it contained an API key, a customer email, a JWT, or a full credit-card number. This tool catches those *before* they leave your machine.
It runs completely offline as a single Python file — Python 3.8+ standard library only, no dependencies, no network activity whatsoever. Point it at a file or pipe text through it and it detects and masks emails, IPv4/IPv6 addresses, credit-card-like numbers (Luhn-validated to avoid flagging ordinary IDs), JSON Web Tokens, AWS access-key IDs, Bearer/Authorization tokens, PEM private-key blocks, and common password=/api_key: style secrets. You can add your own detectors with a simple name=REGEX patterns file, restrict or exclude categories, and choose between readable [REDACTED:CATEGORY] labels or character masking (optionally revealing the last N characters for correlation).
Built for real workflows: redact to stdout, to another file, or in place with an automatic .bak backup and atomic writes. Output is byte-for-byte faithful — non-matching content, line endings, and whitespace are never altered. A per-category summary prints to stderr (or as JSON with --json-summary), and meaningful exit codes let you gate CI pipelines so a build fails if a secret leaks into a log. Cross-platform, clean colorized output that degrades gracefully, and a passive/defensive design make it safe to keep in every engineer's toolbox. A free brand artifact from Bug Circuit.
How to use
- Download bugcircuit-logredact.py — no install or dependencies needed (Python 3.8+ only).
- Run it on a file: python3 bugcircuit-logredact.py app.log — the cleaned text prints to stdout, a summary to stderr.
- Save a cleaned copy with -o clean.log, or edit the original in place with --in-place (a .bak backup is created automatically).
- Pipe through it: cat app.log | python3 bugcircuit-logredact.py - > clean.log for use in scripts and CI.
- Tune what gets caught with --only / --exclude, switch to --mode mask, or add custom detectors via --patterns myfile.
- Check the exit code: 0 = clean, 1 = redactions made — use --json-summary for machine-readable counts in pipelines.
Example commands
python3 bugcircuit-logredact.py app.log
python3 bugcircuit-logredact.py app.log -o app.clean.log
cat app.log | python3 bugcircuit-logredact.py - > app.clean.log
python3 bugcircuit-logredact.py app.log --in-place
python3 bugcircuit-logredact.py payments.log --mode mask --keep-last 4
python3 bugcircuit-logredact.py app.log --only email,ipv4,jwt
python3 bugcircuit-logredact.py app.log --patterns my.patterns --json-summaryFree · MIT licensed · Python 3.8+ · no dependencies · runs on Windows, macOS & Linux. A free tool from Bug Circuit.
Downloads are free. You’ll sign in to a free store account (any email — takes 10 seconds) so you can re-download any time from your account.
Something not right with your order? Email [email protected] — the same team that runs our security audits makes it right.