BlackTent is a local CLI that redacts secrets before anything leaves your machine. It scans code, configs, and (optionally) logs, replaces credentials deterministically, and outputs a reviewable bundle you can inspect before sharing.
How it works:
Scans project files for common secret patterns (API keys, tokens, env vars, DB URLs)
Replaces them with deterministic placeholders (same secret → same placeholder)
Produces a bundle + manifest showing exactly what was redacted
Properties:
Runs entirely locally (no network calls, telemetry, or history)
Deterministic and diffable
Redaction rules are fixed and inspectable
Logs are opt-in (they’re risky and context-heavy)
Example:
  blacktent bundle .
  # Creates incident-2025-01-28.tar.gz
  # Review the manifest, then share the bundle
This is not a security boundary or forensic tool — it’s meant to reduce accidental leakage under time pressure.
I’d especially appreciate feedback on edge cases, false-positive tolerance, and integrations people would actually use.
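
The deterministic-placeholder and manifest steps described above, as an added Python example (not BlackTent's code). The rule set, the `<REDACTED:KIND:tag>` format, the HMAC keying and the manifest fields are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Illustrative rules (assumed). The group named "v" is the part that gets redacted.
RULES = [
    ("AWS_KEY_ID", re.compile(r"\b(?P<v>AKIA[0-9A-Z]{16})\b")),
    ("DB_URL", re.compile(r"(?P<v>\b(?:postgres(?:ql)?|mysql)://[^\s:@/]+:[^\s@]+@[^\s'\"]+)")),
    ("ENV_SECRET", re.compile(
        r"(?im)^[ \t]*(?:export[ \t]+)?\w*(?:SECRET|TOKEN|PASSWORD|API_KEY)\w*[ \t]*=[ \t]*(?P<v>\S+)")),
]

def placeholder(kind, secret, key):
    # Keyed digest: with a plain hash, anyone holding the bundle could confirm
    # guesses of a low-entropy secret offline. The key never leaves the machine.
    tag = hmac.new(key, secret.encode(), hashlib.sha256).hexdigest()[:8]
    return f"<REDACTED:{kind}:{tag}>"

def redact(text, key, source="<input>"):
    """Return (redacted_text, manifest); the manifest never stores secret values."""
    manifest = []
    for kind, rx in RULES:
        def sub(m, kind=kind):
            value = m.group("v")
            if value.startswith("<REDACTED:"):  # already replaced by an earlier rule
                return m.group(0)
            ph = placeholder(kind, value, key)
            line = m.string.count("\n", 0, m.start("v")) + 1
            manifest.append({"source": source, "line": line, "kind": kind, "placeholder": ph})
            head, tail = m.start("v") - m.start(), m.end("v") - m.start()
            return m.group(0)[:head] + ph + m.group(0)[tail:]
        text = rx.sub(sub, text)
    manifest.sort(key=lambda e: e["line"])
    return text, manifest

# Constructed sample input; none of these values are real credentials.
SAMPLE = """\
AWS_ACCESS_KEY_ID=AKIAABCDEFGHIJKLMNOP
API_TOKEN=constructed-token-value-123
DATABASE_URL=postgres://app:hunter2@db.internal:5432/orders
# fallback key: AKIAABCDEFGHIJKLMNOP
"""

if __name__ == "__main__":
    redacted, manifest = redact(SAMPLE, key=b"constructed-local-key", source="sample.env")
    print(redacted)
    for entry in manifest:
        print(entry)
```

With a fixed local key, placeholders stay stable across runs and bundles remain diffable; a fresh key per bundle prevents linking the same secret across bundles.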