Ask HN: Do you sanitize secrets before pasting code into ChatGPT?

2•giovanella•2mo ago

I use AI assistants (ChatGPT/Claude) heavily for debugging, but realized I'm constantly pasting code that contains API keys, database credentials, and customer emails.

I try to manually redact them but honestly forget half the time.

Questions: - Is this actually a security risk? - How do you handle this in your workflow? - Would you use a tool that auto-sanitizes your clipboard?

Trying to figure out if this is a real problem or just me being paranoid.

Comments

namegulf•2mo ago

Rule of thumb: Do not enter anything that is proprietary into that prompt text box!

Yes that includes credentials.

minimaxir•2mo ago

If you are using the free web interface, yes, it’s a security issue as inputs there are trained upon.

APIs, less so.

throw03172019•2mo ago

Big risk. Especially if you have memory enabled or have not toggled off the “ok to train on my data” toggle.

NetworkPerson•2mo ago

If you shared the chat at any point, it can be discovered by others. ChatGPT has also had at least one bug in the past where users were able to see the chats of others. So yeah, even if paid or over API, it’s not a good idea to trust it with sensitive information.

rpruiz•2mo ago

There was a project posted here a few days ago. Vigil (https://github.com/PAndreew/vigil_vite) that provides some help in your case. Or inspiration to build something on top of it.

mring33621•2mo ago

yes

i also change any 'brand names' that might reveal my employer

nenxk•2mo ago

I redact but worry sometimes because when I redact after I paste into the chat box I haven’t checked dev tools to see if all input is recorded or only sent messages

Show HN: Solving NP-Complete Structures via Information Noise Subtraction (P=NP)

Cook New Emojis

Show HN: LoKey Typer – A calm typing practice app with ambient soundscapes

Long-Sought Proof Tames Some of Math's Unruliest Equations

Hacking the last Z80 computer – FOSDEM 2026 [video]

Browser-use for Node.js v0.2.0: TS AI browser automation parity with PY v0.5.11

Michael Pollan Says Humanity Is About to Undergo a Revolutionary Change

Software Engineering Is Back

Storyship: Turn Screen Recordings into Professional Demos

Reputation Scores for GitHub Accounts

A BSOD for All Seasons – Send Bad News via a Kernel Panic

Show HN: I got tired of copy-pasting between Claude windows, so I built Orcha

Omarchy First Impressions

Reinforcement Learning from Human Feedback

Show HN: Versor – The "Unbending" Paradigm for Geometric Deep Learning

Show HN: HypothesisHub – An open API where AI agents collaborate on medical res

Big Tech vs. OpenClaw

Anofox Forecast

Ask HN: How do you figure out where data lives across 100 microservices?

Motus: A Unified Latent Action World Model

Rotten Tomatoes Desperately Claims 'Impossible' Rating for 'Melania' Is Real

The protein denitrosylase SCoR2 regulates lipogenesis and fat storage [pdf]

Los Alamos Primer

NewASM Virtual Machine

Terminal-Bench 2.0 Leaderboard

I vibe coded a BBS bank with a real working ledger

The Path to Mojo 1.0

Show HN: I'm 75, building an OSS Virtual Protest Protocol for digital activism

Show HN: I built Divvy to split restaurant bills from a photo

Hot Reloading in Rust? Subsecond and Dioxus to the Rescue