Open Source CLI Tool
Sanitize logs. Protect secrets.
LogShield strips API keys, tokens, and credentials from your logs using deterministic, rule-based detection. No AI. No cloud. No config. Just pipe in logs and get safe output.
Lines scanned 0
Secrets found 0
Status Ready
Raw logs with secrets
Safe, sanitized output
Logs flow everywhere
Your logs end up in bug reports, Slack channels, third-party monitoring services, and support tickets. Each destination is a potential leak point.
sk_live_4f9e... → Datadog
AKIA7X3F... → Slack #bugs
ghp_1234... → GitHub Issue
Debug pressure
When production is down, devs paste logs without checking for secrets. Speed beats security in the moment.
Hidden exposure
Secrets in logs sit in third-party system…
Open Source CLI Tool
Sanitize logs. Protect secrets.
LogShield strips API keys, tokens, and credentials from your logs using deterministic, rule-based detection. No AI. No cloud. No config. Just pipe in logs and get safe output.
Lines scanned 0
Secrets found 0
Status Ready
Raw logs with secrets
Safe, sanitized output
Logs flow everywhere
Your logs end up in bug reports, Slack channels, third-party monitoring services, and support tickets. Each destination is a potential leak point.
sk_live_4f9e... → Datadog
AKIA7X3F... → Slack #bugs
ghp_1234... → GitHub Issue
Debug pressure
When production is down, devs paste logs without checking for secrets. Speed beats security in the moment.
Hidden exposure
Secrets in logs sit in third-party systems for months. You don’t know they’re exposed until it’s too late.
01
Zero configuration
No flags, config files, or setup required. STDIN to STDOUT automatically. Works the moment you install it.
02
Structure preserved
Format, whitespace, and context stay intact. Only the sensitive values are replaced. Safe for debugging, diff, and audit.
03
Zero false positives
Explicit patterns mean we only redact what matches. No accidental corruption of legitimate data. No broken JSON or mangled headers.
04
Fail-fast for CI
Use –fail-on-detect to break your pipeline if secrets are found. Prevent leaks before they reach production.
Not an AI or ML-based tool. Rules are explicit and inspectable.
No cloud processing. Your logs never leave your machine.
No telemetry. No tracking. No data collection of any kind.
No mutation of log structure. Output is always diffable.
CI/CD Pipelines
Add to any build step
Log Shipping
Before sending to Datadog, Splunk
Local Debugging
Safe to paste anywhere
Incident Reports
Share logs without risk
–strict
Strict mode
Maximum detection sensitivity for high-security environments
–fail-on-detect
Fail on detect
Exit with error code if any secret is found. Perfect for CI gates.
–json
JSON output
Machine-readable output for integration with other tools
–summary
Summary report
Show statistics about what was found and redacted
How it works
Pipe in logs. Get safe output.
LogShield reads from stdin and writes sanitized logs to stdout. Three steps: parse log lines, apply explicit rules, output safe logs with structure intact.
→ STDIN is auto-detected when input is piped.
1
2npm install -g logshield-cli
3
4
5cat app.log | logshield scan > safe.log
6
7
8cat debug.log | logshield scan –strict
9
10
11cat build.log | logshield scan –fail-on-detect
12
13
14docker logs app | logshield scan | upload-logs
Start protecting your logs in 30 seconds.
Install LogShield and sanitize your first log file right now. No signup. No config. No cloud.
$ npm install -g logshield-cli