Redact API Keys & Secrets Before Pasting into Microsoft Copilot
Stripe secret keys (sk_live_…), OpenAI API keys (sk-…), Google API keys (AIza…), GitHub tokens (ghp_…), and generic bearer tokens found in code reviews or error messages are automatically detected and replaced with labelled placeholders before your text ever reaches Microsoft Copilot. Processing runs entirely in your browser. Zero bytes leave your device.
GitHub's secret scanning detected over 39M exposed secrets in 2024 — a 28% increase year-over-year. AI chatbots are now the #2 accidental exposure vector.
Relevant Compliance Frameworks
This use case intersects with the following regulations and standards. CleanMyPrompt is a data minimisation tool — it is not a substitute for legal advice or certified compliance software.
Why this matters for Microsoft Copilot: Microsoft 365 Copilot is covered by Microsoft's EU Data Boundary commitments; consumer Copilot is not.
What Gets Redacted — Example
Before:
Authorization: Bearer sk-proj-abc123XYZ
stripe_key = sk_live_51H9fK2ABCDEF
After:
Authorization: Bearer [API-KEY]
stripe_key = [API-KEY]
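The substitution shown above can be sketched as prefix-based pattern matching that runs locally. This is an added example, not CleanMyPrompt's own code; the rule names, the redactSecrets function and the minimum token lengths are assumptions, with lengths kept short so the page's abbreviated sample keys match.

```javascript
// Added example: prefix-based secret redaction performed locally, before
// text is pasted into a chatbot. Not the product's implementation.
// Assumption: minimum length of 8 characters after each prefix, chosen so the
// shortened sample keys on this page match. Real keys are longer.
const RULES = [
  { name: "stripe-secret", re: /\bsk_live_[0-9A-Za-z]{8,}/g },
  // Broad on purpose: over-redacting a harmless "sk-..." string is the safe failure.
  { name: "openai", re: /\bsk-[0-9A-Za-z_-]{8,}/g },
  { name: "google-api", re: /\bAIza[0-9A-Za-z_-]{8,}/g },
  { name: "github-token", re: /\bghp_[0-9A-Za-z]{8,}/g },
  // Generic bearer token: keep the "Bearer " scheme, replace only the credential.
  { name: "bearer", re: /\b(Bearer\s+)[0-9A-Za-z._~+\/=-]{8,}/g, keepPrefix: true },
];

const PLACEHOLDER = "[API-KEY]";

// Returns the redacted text plus the names of the rules that fired, so the
// caller can show the user what was removed.
function redactSecrets(text) {
  const hits = [];
  let out = text;
  for (const rule of RULES) {
    out = out.replace(rule.re, (match, prefix) => {
      hits.push(rule.name);
      // For rules without a capture group, the second argument is the match
      // offset, so only use it when the rule declares a prefix to keep.
      return (rule.keepPrefix ? prefix : "") + PLACEHOLDER;
    });
  }
  return { text: out, hits };
}

// Sample input: the page's own example line, joined by a newline.
const SAMPLE =
  "Authorization: Bearer sk-proj-abc123XYZ\nstripe_key = sk_live_51H9fK2ABCDEF";

console.log(redactSecrets(SAMPLE).text);
```

Specific rules run before the generic bearer rule, and the placeholder starts with a bracket that the bearer pattern cannot match, so an already redacted value is not redacted twice.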
Who Uses This
- Developers asking AI to debug code containing secrets
- Security engineers reviewing code with AI
- CTOs auditing AI usage across engineering teams
The Regulatory Risk
OWASP API8 (Security Misconfiguration) lists hardcoded credentials as the top API security risk. PCI DSS Requirement 3.4 mandates that cardholder data — including payment API keys — is protected at rest and in transit.
Ready to protect your API keys & secrets?
Zero login. Zero uploads. Works in any browser.