aura-redact 0.1.0

Two-pass secret and PII scrubber: regex patterns + Shannon-entropy detection. Drop-in for LLM logs and telemetry.
Documentation
  • Coverage
  • 100%
    3 out of 3 items documented1 out of 3 items with examples
  • Size
  • Source code size: 22.73 kB This is the summed size of all the files inside the crates.io package for this release.
  • Documentation size: 1.52 MB This is the summed size of all files generated by rustdoc for all configured targets
  • Ø build duration
  • this release: 1m 25s Average build duration of successful builds.
  • all releases: 1m 25s Average build duration of successful builds in releases after 2024-10-23.
  • Links
  • Homepage
  • Naridon-Inc/aura-redact
    0 0 0
  • crates.io
  • Dependencies
  • Versions
  • Owners
  • MHASK

aura-redact

Crates.io docs.rs License: Apache-2.0

Two-pass secret and PII scrubber. Regex patterns catch what they can, then a Shannon-entropy pass catches the rest.

[dependencies]
aura-redact = "0.1"

Why

Most secret scanners miss random tokens that don't match a known prefix. Most entropy scanners flag normal English. aura-redact runs both, in order, so the regex pass catches the obvious stuff (ghp_…, sk-…, emails, IPs) and the entropy pass catches everything else over 5.2 bits/char.

Use it as a last line of defense before sending text to a third party — LLM context, error trackers, telemetry, support bundles.

Example

use aura_redact::Redactor;

let dirty = "
    Auth: ghp_aBcDeFgHiJkLmNoPqRsTuVwXyZ12345
    From: alice@example.com
    Server: 10.0.42.17
    Random: kJ8s2nF3lPq9wXvB7tYzM5cR1aH4dGuEi6oN0bVx
";

let clean = Redactor::scrub(dirty);
println!("{clean}");

Output:

    Auth: [REDACTED_TOKEN]
    From: [REDACTED_EMAIL]
    Server: [REDACTED_IP]
    Random: [REDACTED_HIGH_ENTROPY]

What it catches

Category Method
Emails regex
IPv4 addresses regex
sk-…, ghp_…, xoxb-…, AIza… tokens regex
Random / base64 / cryptographic keys (>20 chars, >5.2 bits/char entropy) Shannon entropy
Normal English preserved (sits at ~4.0–4.8 bits/char)

Status

  • ✅ Pattern pass (email, IP, common token prefixes)
  • ✅ Entropy pass (Shannon, configurable threshold internally)
  • ⏳ Configurable patterns and threshold via builder API (PRs welcome)

Origin

Extracted from Aura — the semantic version control engine for AI-generated code. Aura uses aura-redact before forwarding any source-code-derived strings to external LLM APIs.

License

Apache-2.0