PromptShield

Secrets Detection

Block API keys, tokens, database URLs, and credentials before they reach the LLM. Built into the OSS tier, no external API required.

Developers regularly paste credentials into prompts without noticing:

  • .env file contents when debugging config
  • Database URLs when asking for query help
  • API keys when troubleshooting auth errors
  • SSH private keys when working through certificate issues

PromptShield catches these before the prompt reaches the LLM, with no external API and no data leaving your infrastructure.

What gets detected

| Secret type | Pattern |
| --- | --- |
| AWS Access Key | AKIA... (20 chars) |
| AWS Secret Key | 40-char base62 string in an AWS context |
| GitHub personal access token | ghp_..., github_pat_... |
| OpenAI API key | sk-... (48 chars) |
| Anthropic API key | sk-ant-api03-... |
| Stripe secret key | sk_live_..., sk_test_... |
| Slack bot/app token | xoxb-..., xoxa-... |
| Google API key | AIza... (39 chars) |
| Bearer tokens | Bearer <token> in prompt text |
| Private keys (PEM) | -----BEGIN RSA PRIVATE KEY----- |
| Database connection strings | postgres://, mysql://, mongodb+srv:// |
| JWT tokens | eyJ... header+payload+signature |

Try it

Paste a .env file into a prompt:

curl -X POST http://localhost:8080/v1/chat/completions \
  -H "Content-Type: application/json" \
  -d '{
    "model": "gemini-2.0-flash",
    "messages": [{
      "role": "user",
      "content": "Why is this broken?\n\nOPENAI_API_KEY=sk-proj-abc123def456\nDB_URL=postgres://admin:password@prod.db:5432/app"
    }]
  }'

{ "error": "request blocked: secret detected in prompt" }

The LLM was never called. No tokens consumed. The audit log records the entity type, not the secret value.

Policy

secrets:
  action: block # block | allow

block returns HTTP 403 and stops the request. allow passes it through. mask is not supported for secrets because a partially redacted key may still be usable.

warn (log and pass through) is coming soon.

See Policy for the full config reference.

Audit logs

The entities_detected field records the type name only. The actual credential never appears in logs.

{
  "action": "block",
  "entities_detected": ["SECRET_OPENAI_API_KEY"],
  "reasons": ["blocked secret detected: SECRET_OPENAI_API_KEY"]
}
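
The behaviour described on this page (match by pattern, block, log only the type name), as an added example that is not PromptShield's own code. The regexes approximate some prefixes from the table; the function names, the pass-through audit shape, and every entity name other than SECRET_OPENAI_API_KEY are assumptions.

```python
import json
import re

# Approximate patterns built from the prefixes in the table (assumptions, not
# PromptShield's rules). Entity names other than SECRET_OPENAI_API_KEY are hypothetical.
PATTERNS = {
    "SECRET_AWS_ACCESS_KEY": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "SECRET_GITHUB_TOKEN": re.compile(r"\b(?:ghp_|github_pat_)[A-Za-z0-9_]{20,}"),
    "SECRET_ANTHROPIC_API_KEY": re.compile(r"\bsk-ant-api03-[A-Za-z0-9_-]{20,}"),
    "SECRET_OPENAI_API_KEY": re.compile(r"\bsk-(?!ant-)[A-Za-z0-9_-]{16,}"),
    "SECRET_STRIPE_KEY": re.compile(r"\bsk_(?:live|test)_[A-Za-z0-9]{16,}"),
    "SECRET_PRIVATE_KEY": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "SECRET_DATABASE_URL": re.compile(r"\b(?:postgres|mysql|mongodb\+srv)://\S+"),
    "SECRET_JWT": re.compile(r"\beyJ[\w-]{8,}\.eyJ[\w-]{8,}\.[\w-]{8,}"),
}

# Constructed request mirroring the curl example on this page (fake values).
SAMPLE = {
    "model": "gemini-2.0-flash",
    "messages": [{"role": "user", "content": "Why is this broken?\n\n"
                  "OPENAI_API_KEY=sk-proj-abc123def456\n"
                  "DB_URL=postgres://admin:password@prod.db:5432/app"}],
}

def scan(messages):
    """Return the sorted entity type names found in plain-text message content."""
    found = set()
    for msg in messages:
        content = msg.get("content")
        if isinstance(content, str):  # only plain-text content is handled here
            found.update(n for n, rx in PATTERNS.items() if rx.search(content))
    return sorted(found)

def evaluate(request, action="block"):
    """Apply secrets.action; return (HTTP status or None to forward, audit record)."""
    entities = scan(request.get("messages", []))
    if action == "block" and entities:
        return 403, {
            "action": "block",
            "entities_detected": entities,  # type names only, never the match
            "reasons": [f"blocked secret detected: {e}" for e in entities],
        }
    # Audit shape for pass-through is an assumption of this example.
    return None, {"action": "allow", "entities_detected": entities, "reasons": []}

if __name__ == "__main__":
    status, audit = evaluate(SAMPLE)
    print(status, json.dumps(audit, indent=2))
```

Because the audit record is built from the dictionary keys rather than from the regex match, the matched credential cannot reach the log by construction.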

Scope

Secrets detection runs on prompt text. It does not scan request headers, file attachments, or multimodal inputs. If your app summarizes user-uploaded files by passing their content into a prompt, that content will be scanned.
