A workflow for cleaning leaked secrets from AI coding logs
The post says AI coding tools such as Claude Code can keep API keys, .env files, passwords, and other sensitive data in session history. It presents agentsweep, an open-source CLI that scans JSONL session files and redacts sensitive values without corrupting them. It also mentions backups, atomic writes, and guardrails to avoid data loss or touching active sessions.
Key points
- AI coding assistants may store sensitive values in local session history.
- agentsweep is described as a CLI for finding and redacting leaked API keys, passwords, and .env values.
- The workflow targets JSONL session files used by AI coding assistant histories.
- The post highlights backups, atomic writes, and guardrails as ways to reduce accidental damage.
- If you pasted secrets into an AI tool, check the history files as well as your code.
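The workflow summarized above (scan each JSONL record, redact inside parsed values, back up, write atomically, skip files that may belong to a live session), as an added Python example that is not agentsweep's code or rule set. The two patterns, the `[REDACTED]` marker, the `.bak` suffix, and the 300-second idle threshold are assumptions chosen for illustration.

```python
import json, os, re, shutil, tempfile, time

# Illustrative patterns only (assumptions, not agentsweep's rule set).
TOKEN_RE = re.compile(r"sk-[A-Za-z0-9_-]{20,}")
ASSIGN_RE = re.compile(
    r"(?i)([A-Z0-9_]*(?:PASSWORD|SECRET|API_KEY|TOKEN)[A-Z0-9_]*\s*[=:]\s*)(\S+)")
MARK = "[REDACTED]"  # assumed marker text

def redact_text(s):
    s = TOKEN_RE.sub(MARK, s)
    return ASSIGN_RE.sub(lambda m: m.group(1) + MARK, s)

def redact_value(v):
    # Redact inside parsed string values so JSON escaping stays valid.
    if isinstance(v, str):
        return redact_text(v)
    if isinstance(v, list):
        return [redact_value(x) for x in v]
    if isinstance(v, dict):
        return {k: redact_value(x) for k, x in v.items()}
    return v

def sweep_file(path, min_idle_seconds=300):
    """Return (status, records_changed) for one JSONL session file."""
    # Guardrail: a recently written file may belong to a live session.
    if time.time() - os.path.getmtime(path) < min_idle_seconds:
        return ("skipped-active", 0)
    out, changed = [], 0
    with open(path, encoding="utf-8", newline="") as f:
        for line in f:
            try:
                rec = json.loads(line)
            except ValueError:
                out.append(line)  # not JSON: keep the line unchanged
                continue
            clean = redact_value(rec)
            if clean != rec:
                changed += 1
                line = json.dumps(clean, ensure_ascii=False) + "\n"
            out.append(line)
    if not changed:
        return ("clean", 0)
    backup = path + ".bak"  # still holds the secrets: restrict, delete later
    shutil.copy2(path, backup)
    os.chmod(backup, 0o600)
    # Atomic write: temp file in the same directory, fsync, then rename.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8", newline="") as f:
        f.writelines(out)
        f.flush()
        os.fsync(f.fileno())
    os.replace(tmp, path)
    return ("redacted", changed)
```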
Quick term guide
- AI coding tools: Programs like Claude, Cursor, or ChatGPT that write code for you when you describe what you want in plain language.
- AI coding tool: Software that uses AI to help write, edit, or explain code.
- open-source: Software whose code is shared publicly so others can inspect, use, or change it.
- guardrails: Rules and checks that keep AI from doing harmful or unwanted things.
- config files: Files that tell a tool how a project should work.
- config file: A file that tells a tool how to behave.
- deployment: The process of putting software changes into a running system.
- AI coding assistant: A tool that uses AI to help write, fix, or explain code.