{
  "slug": "json-redact",
  "name": "gizza-ai/json-redact",
  "version": "0.1.0",
  "title": "JSON Redact — Mask Secrets, API Keys & Tokens in JSON — gizza.ai",
  "description": "Detect and mask secrets — API keys, tokens, passwords, private keys and emails — in a JSON document before sharing. Structure-aware, in your browser, nothing uploaded.",
  "tags": [
    "json redact",
    "mask secrets",
    "redact api keys",
    "remove tokens",
    "sanitize json",
    "hide passwords",
    "json privacy",
    "scrub secrets"
  ],
  "category": "data",
  "urls": {
    "page": "https://gizza.ai/tools/json-redact/",
    "markdown": "https://gizza.ai/tools/json-redact/index.md",
    "descriptor": "https://gizza.ai/tools/json-redact/tool.json",
    "deep_link_example": "https://gizza.ai/tools/json-redact/?json=%7B%22user%22%3A%20%22ada%22%2C%20%22api_key%22%3A%20%22AKIAIOSFODNN7EXAMPLE%22%2C%20%22password%22%3A%20%22hunter2%22%7D&style=redacted&placeholder=%5BREDACTED%5D&detect_values=true&extra_keys=nickname%2C%20phone"
  },
  "cli": "gizza tool json-redact \"{\"user\": \"ada\", \"api_key\": \"AKIAIOSFODNN7EXAMPLE\", \"password\": \"hunter2\"}\"",
  "tool": {
    "description": "Detect and mask secrets — API keys, tokens, passwords, private keys and emails — inside a JSON document before sharing it, keeping the JSON structure and key order intact. Detects both sensitive KEY names (password, secret, api_key, token, private_key, authorization, email, ssn…) and, when detect_values is on (default), secret-looking string VALUES (JWTs, AWS AKIA/OpenAI sk-/GitHub gh?_/Stripe/Google AIza/Slack keys, PEM private-key blocks, emails). style controls the replacement (redacted→placeholder, mask→'***', null, empty, preserve-length). placeholder sets the redacted text; extra_keys adds your own field-name markers. Returns the redacted JSON plus a count and the JSON path of every redacted value. Runs locally — the document never leaves the device.",
    "parameters": {
      "additionalProperties": false,
      "properties": {
        "detect_values": {
          "default": true,
          "description": "Also scan string VALUES for secret patterns (JWTs, AWS/OpenAI/GitHub/Stripe/Google/Slack keys, PEM private keys, emails), not just sensitive key names. Default true.",
          "type": "boolean"
        },
        "extra_keys": {
          "default": "",
          "description": "Comma-separated extra key-name markers to always redact, e.g. 'nickname,phone'. Matched case-insensitively as substrings of the normalized key. Default empty.",
          "type": "string"
        },
        "json": {
          "description": "The JSON document to scan and redact. Must be valid JSON (object, array or value).",
          "type": "string"
        },
        "placeholder": {
          "default": "[REDACTED]",
          "description": "Replacement text used when style=redacted. Default '[REDACTED]'.",
          "type": "string"
        },
        "style": {
          "default": "redacted",
          "description": "How to replace each detected secret: redacted (default) inserts the placeholder text; mask inserts '***'; null replaces with JSON null; empty replaces with \"\"; preserve-length replaces a string with '*' repeated to its original length.",
          "enum": [
            "redacted",
            "mask",
            "null",
            "empty",
            "preserve-length"
          ],
          "type": "string"
        }
      },
      "required": [
        "json"
      ],
      "type": "object"
    }
  }
}