SecretSweeper is a ⚡ fast, in-memory secret-sanitizing Python module written in Zig, designed for 🚀 speed.
💡 Just want to remove all secret variables from the terraform plan output or any large file? SecretSweeper is here to help!
SecretSweeper is a Python library that can mask or remove known secrets from byte literals, files, or any file-like objects (io.BinaryIO).
- Written in Zig with no third-party dependencies. Leverages the stability of the Python Limited C API to create a single binary extension.
- Can wrap a file descriptor to read and sanitize data directly from the stream.
- Works well with multi-line secrets.
pip install secretsweeper ✨ To mask secrets from the bytes literal:
» python
import secretsweeper
print(secretsweeper.mask(b"Hello, Secret Sweeper!", (b'Secret', b'Sweeper')))
b'Hello, ****** *******!' Secrets may be completely removed by providing a third argument, limit=0, which specifies the maximum number of masking characters:
» python
import secretsweeper
print(secretsweeper.mask(b"Moby Dick!", [b" Dick"], limit=0))
b'Moby!' To effectively mask all secrets in a large text:
import urllib.request
import secretsweeper
url = "https://raw.githubusercontent.com/annotation/mobydick/main/txt/plain.txt"
with urllib.request.urlopen(url) as src, open("sanitized.txt", "wb") as dest:
stream = secretsweeper.StreamWrapper(
src, (b"Dick", b"savage", b"cannibal", b"harpooner")
)
for line in stream:
dest.write(line)More examples are in tests.
🌱 Contributions are always welcome — whether it’s a bug report, a small fix, or a big idea. If something here sparks your curiosity, jump in and help shape it. Open an issue or a pull request — even small contributions make a difference.
🪪 This is free software: you can redistribute it and/or modify it under the terms of the MIT License. A copy of this license is provided in LICENSE.