Ask HN: Do you sanitize secrets before pasting code into ChatGPT?

2•giovanella•2mo ago

I use AI assistants (ChatGPT/Claude) heavily for debugging, but realized I'm constantly pasting code that contains API keys, database credentials, and customer emails.

I try to manually redact them but honestly forget half the time.

Questions: - Is this actually a security risk? - How do you handle this in your workflow? - Would you use a tool that auto-sanitizes your clipboard?

Trying to figure out if this is a real problem or just me being paranoid.

Comments

namegulf•2mo ago

Rule of thumb: Do not enter anything that is proprietary into that prompt text box!

Yes that includes credentials.

minimaxir•2mo ago

If you are using the free web interface, yes, it’s a security issue as inputs there are trained upon.

APIs, less so.

throw03172019•2mo ago

Big risk. Especially if you have memory enabled or have not toggled off the “ok to train on my data” toggle.

NetworkPerson•2mo ago

If you shared the chat at any point, it can be discovered by others. ChatGPT has also had at least one bug in the past where users were able to see the chats of others. So yeah, even if paid or over API, it’s not a good idea to trust it with sensitive information.

rpruiz•2mo ago

There was a project posted here a few days ago. Vigil (https://github.com/PAndreew/vigil_vite) that provides some help in your case. Or inspiration to build something on top of it.

mring33621•2mo ago

yes

i also change any 'brand names' that might reveal my employer

nenxk•2mo ago

I redact but worry sometimes because when I redact after I paste into the chat box I haven’t checked dev tools to see if all input is recorded or only sent messages

Go-busybox: A sandboxable port of busybox for AI agents

Quantization-Aware Distillation for NVFP4 Inference Accuracy Recovery [pdf]

xAI Merger Poses Bigger Threat to OpenAI, Anthropic

Atlas Airborne (Boston Dynamics and RAI Institute) [video]

Zen Tools

Is the Detachment in the Room? – Agents, Cruelty, and Empathy

The purpose of Continuous Integration is to fail

Apfelstrudel: Live coding music environment with AI agent chat

What Is Stoicism?

What happens when a neighborhood is built around a farm

Every major galaxy is speeding away from the Milky Way, except one

Extreme Inequality Presages the Revolt Against It

There's no such thing as "tech" (Ten years later)

What Really Killed Flash Player: A Six-Year Campaign of Deliberate Platform Work

Ask HN: Anyone orchestrating multiple AI coding agents in parallel?

Show HN: Knowledge-Bank

Show HN: The Codeverse Hub Linux

Take a trip to Japan's Dododo Land, the most irritating place on Earth

British drivers over 70 to face eye tests every three years

BookTalk: A Reading Companion That Captures Your Voice

Is AI "good" yet? – tracking HN's sentiment on AI coding

Show HN: Amdb – Tree-sitter based memory for AI agents (Rust)

OpenClaw Partners with VirusTotal for Skill Security

Show HN: Seedance 2.0 Release

Leisure Suit Larry's Al Lowe on model trains, funny deaths and Disney

Towards Self-Driving Codebases

VCF West: Whirlwind Software Restoration – Guy Fedorkow [video]

Show HN: COGext – A minimalist, open-source system monitor for Chrome (<550KB)

FOSDEM 26 – My Hallway Track Takeaways

Show HN: Env-shelf – Open-source desktop app to manage .env files