PromptGod automatically masks API keys, passwords, and tokens when you paste into ChatGPT, Gemini, Copilot, and more — before they ever leave your browser.
No servers, no tracking, no external calls. PromptGod intercepts secrets before they leave your machine.
Intercepts paste events in chat inputs and masks secrets before they reach the AI. No manual steps needed.
Covers AWS, OpenAI, GitHub, Stripe, Slack, JWT, PEM private keys, connection strings, credit cards, and more.
Detects unknown secrets via Shannon entropy analysis, even without a matching regex pattern.
Lowers entropy thresholds on lines with _SECRET, _KEY, _TOKEN — catches custom-prefixed keys automatically.
Shows the first 1/4 of each secret with stars for the rest, preserving exact string length so JSON/YAML stays intact.
Line-isolated regex pipeline prevents cross-line bugs. PEM/RSA multiline keys are still handled correctly.
Click the extension icon to review all redacted secrets, saved locally via the background service worker.
Floating shield button to scan typed text on demand — for when you type secrets instead of pasting them.
Add your own regex patterns or keywords via the Settings page to catch company-specific secrets.
A two-phase pipeline processes your text in milliseconds, all inside the browser.
PEM / RSA private key blocks — the only rules allowed to span multiple lines — are detected and masked first.
Known vendor key patterns (OpenAI, AWS, Stripe, etc.), env assignments, DB URIs, Sentry DSNs, and 50+ more patterns are matched per line.
Passwords inside ://user:password@host and proxy_auth=user:pass@host strings are extracted and masked, even with special characters.
High-entropy unknown strings in config-like context are flagged via Shannon entropy analysis — catches secrets that no regex can match.
UUIDs, git commit hashes, transaction IDs, K8s API groups, repo URLs, and other operational content are preserved — no false alarms.
| Detection Layer | What It Catches |
|---|---|
| Regex Rules | Known vendor keys, env assignments, DB URIs, Sentry DSNs, etc. |
| Inline Credentials | ://user:password@host and proxy_auth=user:pass@host |
| Custom Prefixes | Vendor-specific patterns like cmp_sec_live_... |
| Entropy Engine | High-entropy unknown strings in config-like text |
| FP Filter | UUIDs, git SHAs, infra domains, JSON keys, repo URLs |
PromptGod runs on all major AI chat platforms. If you use it, we protect it.
One click from the Chrome Web Store. No setup, no build step, no account required.
Visit the PromptGod listing in the Chrome Web Store.
Click Add to Chrome and confirm the install prompt.
Click the puzzle icon in Chrome's toolbar and pin PromptGod for quick access to the Vault.
Visit any supported AI site and paste text containing API keys — they'll be masked automatically.
Open source, zero dependencies, and completely local. Your keys stay yours.
Add to Chrome