How It Works
Quick Start
Redaction Patterns
Automatically redacted:| Pattern | Example |
|---|---|
| OpenAI keys | sk-abc123... |
| Anthropic keys | sk-ant-... |
| Google API keys | AIzaSy... |
| Google OAuth | ya29.... |
| AWS access keys | AKIA... |
| Bearer tokens | Bearer ... |
| Passwords | password = "..." |
| API keys | api_key: "..." |
Using Redaction
Path Validation
Ignore/Include Patterns
Respect.praisonignore and .praisoninclude files:
.praisonignore
.praisoninclude
Configuration
Environment Variables
Redaction in Snapshots
All snapshot outputs are redacted:Adding Custom Patterns
Best Practices
Keep redaction enabled
Keep redaction enabled
Default redaction is on for a reason — do not disable it in shared or production environments.
Prefer relative paths in snapshots
Prefer relative paths in snapshots
Absolute paths can leak usernames and directory layout to logs or support tickets.
Maintain .praisonignore
Maintain .praisonignore
Exclude secrets, credentials, and env files from context indexing and snapshots.
Rotate keys if exposed
Rotate keys if exposed
If a snapshot ever captured a live secret, rotate the credential immediately — redaction is not retroactive.
Related
Context Monitor
Snapshot output and formats
Protected Paths
Restrict file access in agents

