Filter by type:
Filter by tags:
secret-filter
Repository: localaiLicense: apache-2.0
secret-filter
A pattern-based PII detector for high-entropy, highly-regular secrets — API keys, tokens, and private-key blocks — that the NER tier cannot catch (it has no credential class, so it fragments a key and may leave the secret part exposed). Detection is bounded restricted-regex compiled to RE2 (linear time, no backtracking); it runs entirely in-process with no model download, no backend, and zero VRAM. Install it, then reference it under another model's pii.detectors (or set it as the instance-wide default detector on the Middleware page) to block leaks of known credential formats out of the box. Add your own patterns under pii_detection.patterns in a restricted regex subset (e.g. "tok-\\w{32,}"); each must carry a fixed literal anchor of at least 3 characters, so open- ended shapes like email addresses are rejected and left to the NER tier.
Links
Tags