LocalMask scans your repo, masks every secret, organizational data, and PII into safe tokens, and lets you share code with AI — without leaking passwords, internal hostnames, or company details.
LocalMask runs entirely on your machine. It scans your repo, masks every credential, key, piece of PII, and organizational data into reversible tokens, then sends only safe tokens to Claude, GPT, or Gemini. Answers come back and get rehydrated locally — you stay in full control, and the real secrets never leave your local environment.
# payments-service/.env — sent to ClaudeDATABASE_URL=postgres://payments_rw~[DB_USER_0]~:pV9$kQ2!zR~[PASSWORD_0]~@db-prod-01.acme.internal~[HOST_0]~:5432~[PORT_0]~/payments~[DB_NAME_0]~STRIPE_SECRET_KEY=sk_live_51MspeZv8Klo2CqR7xY~[API_KEY_0]~JWT_SIGNING_KEY=hs256-9f3a7c1e8b2d4061~[API_KEY_1]~AWS_ACCESS_KEY_ID=AKIA5J7QX9P2M4RTUVWX~[AWS_KEY_0]~ONCALL_EMAIL=[email protected]~[EMAIL_0]~INTERNAL_API=https://vault.acme.internal~[HOST_1]~/v2
Annual licenses, validated offline (no monthly re-activation, no phone-home). Keys are per seat.
Then localmask publish <scan> <masked-repo-url> creates a private masked
git mirror your AI tools can safely read. Once we're on PyPI you'll also be able to
pip install localmask.
Full guide on GitHub →
100% local. 100% your control. We're opening a small private beta — leave your email and we'll reach out when it's ready.