
Secret Scanner

PastePrompt can run local secret scanning before copy/export so users can review likely sensitive values before generated context leaves the app.

Why it matters

  • Context bundles may include config files, tests, fixtures, diffs, or notes that contain sensitive values.
  • A preflight scanner helps reduce accidental exposure during LLM workflows.
  • Audit teams need a clear stop-and-review step before copying code into external tools.

How it works

  • Enable Balanced or Strict scanner mode to scan the generated bundle locally before copy/export.
  • Findings are shown with redacted previews so users can understand the issue without exposing full values.
  • Users can redact detected values, exclude affected files, or cancel the copy/export.
  • Secret-scan summary metadata is recorded in prompt history without storing finding values.

Example workflow

  1. Build the context selection.
  2. Start copy or Markdown export.
  3. Review any scanner findings.
  4. Choose redaction, affected-file exclusion, or cancel.
  5. Continue only after the generated output is acceptable.

Example review options

  • Redact detected values and regenerate the bundle locally.
  • Exclude files affected by findings and regenerate the bundle.
  • Cancel copy/export and adjust selected files or ignore rules.
  • Use advanced confirmation only when intentionally accepting the risk.
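
The scan, review and history steps described above, sketched as an added Python example. It is not PastePrompt's own code: the two detection rules, the function names and the sample bundle are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumed detection rules for illustration; not PastePrompt's actual rule set.
RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    # Skip values that are already redaction markers so a rescan comes back clean.
    "assigned_secret": re.compile(r"(?i)\b(?:password|secret|token|api_key)\b\s*[:=]\s*['\"]?"
                                  r"(?!\[REDACTED:)([^\s'\"]{8,})"),
}

def preview(value):
    """Redacted preview: short prefix for recognition, rest masked."""
    keep = min(4, len(value) // 4)
    return value[:keep] + "*" * (len(value) - keep)

def scan(bundle):
    """bundle maps path -> text. Raw values stay in memory for redaction only."""
    findings = []
    for path, text in bundle.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            for rule, rx in RULES.items():
                for m in rx.finditer(line):
                    value = m.group(m.lastindex or 0)
                    findings.append({"path": path, "line": lineno, "rule": rule,
                                     "value": value, "preview": preview(value)})
    return findings

def redact(bundle, findings):
    """Review option: replace each detected value, keep the file in the bundle."""
    out = dict(bundle)
    for f in findings:
        out[f["path"]] = out[f["path"]].replace(f["value"], f"[REDACTED:{f['rule']}]")
    return out

def exclude(bundle, findings):
    """Review option: drop every file that has at least one finding."""
    hit = {f["path"] for f in findings}
    return {p: t for p, t in bundle.items() if p not in hit}

def summary(findings, action):
    """History record: counts and rule names only, no values or previews."""
    by_rule = dict(Counter(f["rule"] for f in findings))
    return {"action": action, "total": len(findings),
            "files": len({f["path"] for f in findings}), "by_rule": by_rule}

# Constructed sample bundle; the key is the placeholder from AWS documentation.
SAMPLE = {"config/.env": 'AWS_KEY=AKIAIOSFODNN7EXAMPLE\npassword = "hunter2-not-real"\n',
          "src/app.py": "print('hello')\n"}
```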

Limitations

  • Secret scanning helps reduce risk; it cannot guarantee that no sensitive value is present.
  • The scanner can produce false positives and false negatives.
  • If scanner strictness is disabled, copy/export will not get the same preflight gate.
