String Masking

What is String Masking?

String Masking is a free in-browser redaction tool that turns sensitive text into a safely shareable form. It offers two modes you switch between with a toggle: Manual masking keeps a set number of leading and trailing characters (the Keep start and Keep end fields) and stars out the middle of every line, while Auto-detect scans free text and masks API keys, JWT tokens, emails, credit card numbers, phone numbers and IPv4 addresses on its own. Developers, support and QA staff, and privacy-minded writers use it to scrub logs, screenshots-to-text, bug reports, and chat transcripts before pasting them into tickets, docs or AI prompts. You can change the mask character in settings, the output updates live as you type, and a counter shows how many secrets were detected. Because it is pure regular-expression processing, it is fast, deterministic and fully offline.

How to use String Masking

1. Choose a mode: Manual masking to keep set characters at each end, or Auto-detect to find and mask secrets automatically.
2. For Manual mode, set Keep start and Keep end to the number of characters you want to leave visible at the front and back of each line.
3. Paste or type the text you want to redact into the Input box; each line is masked independently.
4. Read the redacted result in the Output box, which updates instantly as you type.
5. Optionally open settings to change the mask character, then copy the masked output with the copy button.

Examples

alice@example.com

al*************om

user bob@acme.io paid with card 4242 4242 4242 4242 token sk_live_AbCdEf123456

user b***@acme.io paid with card **** 4242 token ********

Frequently asked questions

Is my text uploaded anywhere?

No. All masking runs 100% client-side in your browser with plain JavaScript and regular expressions. Your input is never sent to or stored on any server, so it is safe for logs, secrets and personal data, and it keeps working offline.

What is the difference between Manual and Auto-detect modes?

Manual masking keeps the number of leading and trailing characters you choose and stars out the middle of each line, which is ideal when you know the exact format. Auto-detect scans free text and masks recognized secrets — API keys, JWTs, emails, credit card numbers, phone numbers and IPv4 addresses — without you specifying positions.

Which kinds of secrets can Auto-detect find?

It looks for common patterns: email addresses, credit card numbers (13-19 digits), phone numbers, IPv4 addresses, JWT tokens, and API-key prefixes such as Stripe (sk_/pk_), GitHub (ghp_, gho_…), Slack (xox…) and AWS access keys (AKIA…). Detection is pattern-based, so unusual formats may be missed — always review the output.

Can I change the masking character?

Yes. Open the settings panel and set any character (for example *, •, x or #). The first character you enter is used as the mask, and it applies to both modes.

Does it handle multiple lines and Unicode?

Yes. In Manual mode each line is masked independently, so you can redact a whole list at once. Masking works on Unicode code points, so emojis and accented characters are not split.