redact.sh is a dead-simple Bash script that redacts sensitive values from config files like .env, .json, and .yaml for safe sharing on support forums, Discord, or ChatGPT. It highlights redacted lines in red so you can quickly verify what's been scrubbed.
- ✅ Redacts full values for keys like
API_KEY,PASSWORD,SECRET_KEY, etc. - ✅ Reads custom patterns from
.redact-patterns - ✅ Supports
.env,.json, and.yamlformats - ✅ Highlights redacted lines in red in your terminal
- ✅ POSIX-compatible (works on macOS, Linux, WSL)
Input:
API_KEY=abcd1234
"api_key": "abcd1234",
api_key: abcd1234
SAFE_VAR=ThisIsFineOutput:
API_KEY=REDACTED ← in red
"api_key": "REDACTED", ← in red
api_key: REDACTED ← in red
SAFE_VAR=ThisIsFine./redact.sh path/to/your/file.envWant to test it?
./redact.sh sample.envEdit .redact-patterns to specify which keys should be redacted (case-insensitive):
API_KEY
PASSWORD
SECRET_KEY
JWT
DB_USER
If you want to make it globally available:
chmod +x redact.sh
sudo ln -s "$(pwd)/redact.sh" /usr/local/bin/redactNow you can run:
redact myfile.envMIT — do whatever you want, but don't blame me if you nuke your prod secrets 😇