High-Trust. Secure by Default. Zero Config.

Sanitize Terminal Output. Securely Share.

cleansh is a powerful, single-purpose CLI tool that intelligently redacts **IP addresses, emails, tokens, and absolute paths** from your logs and terminal output. Fully local. Open-source. Expect bugs as it's in development, and please report them!

Experience Real-Time Log Redaction

Paste your logs below and see `cleansh` instantly redact sensitive information. No data leaves your browser.

Note: This is a client-side demo. For production-grade redaction, use the CLI tool. (Live `cleansh` tool integration via WebAssembly (WASM) or API coming soon!)

Why Choose cleansh? Secure, Comprehensive, Flexible.

🛡 Secure by Default

All redaction logic is **static and regex-based**, preventing arbitrary code execution. `cleansh` operates **entirely locally with no external network calls or telemetry**. Your sensitive data stays private.

✂️ Comprehensive Built-in Redactions

Out-of-the-box detection for common sensitive data: **Emails, IPv4 addresses, generic tokens, JWTs, AWS/GCP/SSH keys, common hex secrets, and normalized absolute paths** (Linux/macOS).

⚙️ Flexible Custom YAML Rules

Extend `cleansh` easily. Define your own **custom regex patterns in a YAML file** to clean industry-specific tokens or unique data points. These rules intelligently merge with built-in defaults.

📋 Instant Clipboard Integration (`-c`)

Streamline your workflow. With the simple `--clipboard` or `-c` flag, `cleansh` automatically copies the **sanitized output directly to your system clipboard**, ready for pasting.

📂 Versatile Input/Output (`-o`)

Designed for flexibility. `cleansh` works seamlessly with **stdin (piped input), file input**, and can output to **stdout, the clipboard, or a specified file** using `--out` or `-o`.

✨ Clear Diff View (`-d`)

Understand exactly what `cleansh` redacts. Use the `--diff` or `-d` flag to **display a colored diff between the original and sanitized content**, highlighting all changes for quick review.

Who Needs cleansh? Common Scenarios.

Whether you're debugging, collaborating, or ensuring compliance, `cleansh` simplifies data security.

Debugging & Support

Share problematic logs with colleagues or support teams without accidentally exposing API keys, user data, or network specifics. Ensures faster, safer issue resolution.

Compliance & Auditing

Automate the redaction of Personally Identifiable Information (PII) or other regulated data to comply with GDPR, CCPA, HIPAA, and internal security policies.

CI/CD Pipelines

Integrate `cleansh` directly into your continuous integration and deployment pipelines to ensure all generated logs are sanitized before being stored or presented.

Open-Source Contributions

When contributing to public repositories, use `cleansh` to redact sensitive information from code snippets, issue descriptions, or discussion threads.

Future-Proofing cleansh: Post v1.0 Aspirations

As `cleansh` evolves beyond its current stable version, we envision expanding its utility and integration capabilities for broader accessibility and advanced data protection needs.

🔌 Plugin System (Coming Soon)

A modular plugin architecture to allow dynamic loading of external, custom redaction logic and advanced functionalities.

🌐 Integrated Solutions & WebAssembly (Coming Soon)

Exploring VS Code extensions, a lightweight web GUI, and a WebAssembly (WASM) version for client-side, browser-based log sanitization.

📦 Custom Git Hooks (Coming Soon)

Implement pre-commit or post-merge Git hooks to automatically sanitize commit messages or patch diffs before sharing them.

🔒 Advanced Redaction Tiers (Coming Soon)

Investigate features like auto-detection of security tokens from various cloud providers and dynamic secrets for complex enterprise use cases.

What Developers Are Saying

"cleansh has been a game-changer for our team. Sharing logs is no longer a security headache. It just works, is fast, and gives us complete peace of mind. A must-have for any modern dev shop."

- Alex Chen, Lead DevOps Engineer at TechSolutions Inc.

Trusted By Industry Leaders

cleansh is built on principles of security and reliability, making it the preferred choice for organizations serious about data privacy.

Company A Logo Company B Logo Company C Logo Company D D Logo Company E Logo

Get Started with cleansh Today

Installing `cleansh` is quick and easy. Choose your preferred method below.

Install via Script (macOS / Linux)

curl -sSf https://cleansh.sh/install.sh | sh

This script downloads the latest pre-compiled binary for your system. Note: `https://cleansh.sh/install.sh` is a placeholder URL for future distribution.

Install via Cargo (Rust)

cargo install cleansh

If you have the Rust toolchain installed, use Cargo to compile and install `cleansh` directly from crates.io.

Alternatively, download a pre-compiled binary for Windows, macOS, or Linux directly from GitHub releases, or build from source.