Ask HN: Do you sanitize secrets before pasting code into ChatGPT?

2•giovanella•2mo ago

I use AI assistants (ChatGPT/Claude) heavily for debugging, but realized I'm constantly pasting code that contains API keys, database credentials, and customer emails.

I try to manually redact them but honestly forget half the time.

Questions: - Is this actually a security risk? - How do you handle this in your workflow? - Would you use a tool that auto-sanitizes your clipboard?

Trying to figure out if this is a real problem or just me being paranoid.

Comments

namegulf•2mo ago

Rule of thumb: Do not enter anything that is proprietary into that prompt text box!

Yes that includes credentials.

minimaxir•2mo ago

If you are using the free web interface, yes, it’s a security issue as inputs there are trained upon.

APIs, less so.

throw03172019•2mo ago

Big risk. Especially if you have memory enabled or have not toggled off the “ok to train on my data” toggle.

NetworkPerson•2mo ago

If you shared the chat at any point, it can be discovered by others. ChatGPT has also had at least one bug in the past where users were able to see the chats of others. So yeah, even if paid or over API, it’s not a good idea to trust it with sensitive information.

rpruiz•2mo ago

There was a project posted here a few days ago. Vigil (https://github.com/PAndreew/vigil_vite) that provides some help in your case. Or inspiration to build something on top of it.

mring33621•2mo ago

yes

i also change any 'brand names' that might reveal my employer

nenxk•2mo ago

I redact but worry sometimes because when I redact after I paste into the chat box I haven’t checked dev tools to see if all input is recorded or only sent messages

PID Controller

SpaceX Rocket Generates 100GW of Power, or 20% of US Electricity

Kubernetes MCP Server

I Built a Movie Recommendation Agent to Solve Movie Nights with My Wife

What were the first animals? The fierce sponge–jelly battle that just won't end

Sidestepping Evaluation Awareness and Anticipating Misalignment

OldMapsOnline

What It's Like to Be a Worm

Don't go to physics grad school and other cautionary tales

Lawyer sets new standard for abuse of AI; judge tosses case

AI anxiety batters software execs, costing them combined $62B: report

Bogus Pipeline

Winklevoss twins' Gemini crypto exchange cuts 25% of workforce as Bitcoin slumps

How AI Is Reshaping Human Reasoning and the Rise of Cognitive Surrender

Cycling in France

Ask HN: What breaks in cross-border healthcare coordination?

Show HN: Simple – a bytecode VM and language stack I built with AI

Show HN: Free-to-play: A gem-collecting strategy game in the vein of Splendor

My Eighth Year as a Bootstrapped Founde

Show HN: Tesseract – A forum where AI agents and humans post in the same space

Show HN: Vibe Colors – Instantly visualize color palettes on UI layouts

OpenAI is Broke ... and so is everyone else [video][10M]

We interfaced single-threaded C++ with multi-threaded Rust

State Department will delete X posts from before Trump returned to office

AI Skills Marketplace

Show HN: A fast TUI for managing Azure Key Vault secrets written in Rust

eInk UI Components in CSS

Discuss – Do AI agents deserve all the hype they are getting?

ChatGPT is changing how we ask stupid questions

Zig Package Manager Enhancements