High-Trust. Secure by Default. Zero Config.
cleansh is a powerful, single-purpose CLI tool that intelligently redacts **IP addresses, emails, tokens, and absolute paths** from your logs and terminal output.
Fully local. Open-source. Expect bugs as it's in development, and please report them!
Paste your logs below and see `cleansh` instantly redact sensitive information. No data leaves your browser.
Note: This is a client-side demo. For production-grade redaction, use the CLI tool. (Live `cleansh` tool integration via WebAssembly (WASM) or API coming soon!)
All redaction logic is **static and regex-based**, preventing arbitrary code execution. `cleansh` operates **entirely locally with no external network calls or telemetry**. Your sensitive data stays private.
Out-of-the-box detection for common sensitive data: **Emails, IPv4 addresses, generic tokens, JWTs, AWS/GCP/SSH keys, common hex secrets, and normalized absolute paths** (Linux/macOS).
Extend `cleansh` easily. Define your own **custom regex patterns in a YAML file** to clean industry-specific tokens or unique data points. These rules intelligently merge with built-in defaults.
Streamline your workflow. With the simple `--clipboard` or `-c` flag, `cleansh` automatically copies the **sanitized output directly to your system clipboard**, ready for pasting.
Designed for flexibility. `cleansh` works seamlessly with **stdin (piped input), file input**, and can output to **stdout, the clipboard, or a specified file** using `--out` or `-o`.
Understand exactly what `cleansh` redacts. Use the `--diff` or `-d` flag to **display a colored diff between the original and sanitized content**, highlighting all changes for quick review.
Whether you're debugging, collaborating, or ensuring compliance, `cleansh` simplifies data security.
Share problematic logs with colleagues or support teams without accidentally exposing API keys, user data, or network specifics. Ensures faster, safer issue resolution.
Automate the redaction of Personally Identifiable Information (PII) or other regulated data to comply with GDPR, CCPA, HIPAA, and internal security policies.
Integrate `cleansh` directly into your continuous integration and deployment pipelines to ensure all generated logs are sanitized before being stored or presented.
When contributing to public repositories, use `cleansh` to redact sensitive information from code snippets, issue descriptions, or discussion threads.
As `cleansh` evolves beyond its current stable version, we envision expanding its utility and integration capabilities for broader accessibility and advanced data protection needs.
A modular plugin architecture to allow dynamic loading of external, custom redaction logic and advanced functionalities.
Exploring VS Code extensions, a lightweight web GUI, and a WebAssembly (WASM) version for client-side, browser-based log sanitization.
Implement pre-commit or post-merge Git hooks to automatically sanitize commit messages or patch diffs before sharing them.
Investigate features like auto-detection of security tokens from various cloud providers and dynamic secrets for complex enterprise use cases.
"cleansh has been a game-changer for our team. Sharing logs is no longer a security headache. It just works, is fast, and gives us complete peace of mind. A must-have for any modern dev shop."
- Alex Chen, Lead DevOps Engineer at TechSolutions Inc.
cleansh is built on principles of security and reliability, making it the preferred choice for organizations serious about data privacy.
Installing `cleansh` is quick and easy. Choose your preferred method below.
Install via Script (macOS / Linux)
curl -sSf https://cleansh.sh/install.sh | sh
This script downloads the latest pre-compiled binary for your system. Note: `https://cleansh.sh/install.sh` is a placeholder URL for future distribution.
Install via Cargo (Rust)
cargo install cleansh
If you have the Rust toolchain installed, use Cargo to compile and install `cleansh` directly from crates.io.
Alternatively, download a pre-compiled binary for Windows, macOS, or Linux directly from GitHub releases, or build from source.