Skip to main content
secrets_detection:
  enabled: true
  action: mask
  entities:
    - OPENSSH_PRIVATE_KEY
    - PEM_PRIVATE_KEY
    - API_KEY_SK
    - API_KEY_AWS
    - API_KEY_GITHUB
    - JWT_TOKEN
    - BEARER_TOKEN
    - ENV_PASSWORD
    - ENV_SECRET
    - CONNECTION_STRING
  max_scan_chars: 200000
  log_detected_types: true

Options

OptionDefaultDescription
enabledtrueEnable secrets detection
actionmaskAction when secrets found
entitiesAll supported typesSecret types to detect
max_scan_chars200000Max characters to scan (0 = unlimited)
log_detected_typestrueLog detected types (never logs content)

Actions

ActionDescription
maskReplace secrets with placeholders, restore in response (default)
blockReturn HTTP 400, request never reaches the provider
route_localRoute to local LLM (requires route mode)

Mask (Default)

secrets_detection:
  action: mask

Block

secrets_detection:
  action: block

Route to Local

mode: route
secrets_detection:
  action: route_local

Secret Types

All supported secret types are enabled by default. Set entities to a smaller list if you want to scan only specific categories.

Private Keys

secrets_detection:
  entities:
    - OPENSSH_PRIVATE_KEY  # -----BEGIN OPENSSH PRIVATE KEY-----
    - PEM_PRIVATE_KEY      # RSA, PRIVATE KEY, ENCRYPTED PRIVATE KEY

API Keys

secrets_detection:
  entities:
    - API_KEY_SK       # sk-/sk_ prefix (OpenAI, Anthropic, Stripe, RevenueCat)
    - API_KEY_AWS      # AKIA... (20 chars)
    - API_KEY_GITHUB   # ghp_, gho_, ghu_, ghs_, ghr_ (40+ chars)

Tokens

secrets_detection:
  entities:
    - JWT_TOKEN      # eyJ... (three base64 segments)
    - BEARER_TOKEN   # Bearer ... (40+ char tokens)

Environment Variables

secrets_detection:
  entities:
    - ENV_PASSWORD       # DB_PASSWORD=..., ADMIN_PWD=... (8+ char values)
    - ENV_SECRET         # APP_SECRET=..., JWT_SECRET=... (8+ char values)
    - CONNECTION_STRING  # postgres://user:pass@host, mongodb://user:pass@host

Scan Roles

By default, PasteGuard scans user messages and tool results. It skips system, developer, and assistant text. Set scan_roles to replace that default:
secrets_detection:
  scan_roles:
    - user
    - tool
    - function
    - mcp
Scan labelDescription
userUser messages
assistantAssistant responses
systemSystem prompts
developerDeveloper prompts
toolTool results, including file reads and shell output
functionLegacy OpenAI function results
mcpPasteGuard internal label for MCP tool items, such as Codex mcp_tool_call output
If scan_roles is set, PasteGuard scans exactly those roles.

Performance

For large payloads, limit scanning:
secrets_detection:
  max_scan_chars: 200000  # 200KB default
  # max_scan_chars: 0     # Scan entire request
Secrets placed after the limit won’t be detected.