biip (Beep + PII) is a tool (and a library) to scrub PII from text.
For Linux and MacOS, you can install biip using the pre-built binaries:
curl -sfSL https://raw.githubusercontent.com/crodjer/biip/main/download.sh | bash
If you have Rust installed, you can install biip using Cargo:
cargo install biip
Pipe any text to biip to have it scrub away sensitive information.
For example, if you have a file with content:
Hi, I am "awesome-user"
Current Directory: /Users/awesome-user/foo/bar/baz
My Secret Key: mAM3zwogXpV6Czj6J
My Email: [email protected]
My IPs:
- 2001:db8:85a3::8a2e:370:7334
- 8.8.8.8
Connect via ftp://user:[email protected]
Auth token is eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxMjM0In0.sZtZQ...
My MAC address is 00-1A-2B-3C-4D-5E.
biip can redact some sensitive information from it:
$ biip /tmp/info.txt
─── /tmp/info.txt ───
Hi, I am "user"
Current Directory: ~/foo/bar/baz
My Secret Key: ••••⚿•
My Email: •••@•••
My IPs:
- ••:••:••:••:••:••:••:••
- ••.••.••.••
Connect via ftp://••••:••••@example.com
Auth token is ••••🌐•
My MAC address is ••:••:••:••:••:••.
Other ways to run:
- From stdin:
cat /tmp/info.txt | biip - Interactive: run
biip, type in or paste your text in the editor. For example:biip | pbcopycan be used to paste or type in arbitrary text and copy it to the clipboard.
Biip can scrub:
- Unix (Linux/Mac) username: It removes any mention of a user's Unix username.
- Home directory: It replaces paths referring to the home directory with
~. - URL Credentials: Scrubs usernames and passwords from URLs (e.g.,
https://user:pass@...). - Email Addresses: Replaces emails with
•••@•••. - IP Addresses: Redacts public IPv4 and IPv6 addresses (skips local/private addresses).
- MAC Addresses: Replaces MAC addresses.
- Phone Numbers: Redacts common phone number formats.
- Credit Card Numbers: Redacts common credit card number patterns.
- JSON Web Tokens (JWTs): Finds and redacts JWTs.
- API Keys: Redacts common API key formats from providers like AWS, OpenAI, etc.
- UUIDs: Replaces UUIDs with a redacted pattern.
- Keys / Passwords from environment: It replaces the values for any potentially sensitive environment variables with:
••••⚿•. - Custom patterns (BIIP_*): Any environment variable whose name starts with
BIIP(e.g.,BIIP_PERSONAL_PATTERNS,BIIP_SENSITIVE) has its value redacted with••••⚙•.
When sharing code with LLMs for AI assistance, running it through biip would
be beneficial to strip out any sensitive info. Like this:
fd -t f | xargs biip | pbcopyThis will copy your entire codebase to clipboard, excluding large files and
redact sensitive information. On Linux, use xclip (for X11) and wl-copy (for
wayland) instead of pbcopy.
To exclude files (like LICENSE, Cargo.lock, .svg, etc.) which could unnecessarily
bloat context, use .fdignore.
Note: When reading files via arguments (including
xargs biip),biipautomatically skips binary files. You usually don't need to exclude image formats explicitly.
biip considers .env, so it'll remember to not share any sensitive keys even
if .env's content was in the stdin.
So, biip would redact (keys, secrets etc) from the output:
$ cat .env | biip
S3_KEY="••••⚿•"
S3_SECRET="••••⚿•"
OPENAI_API_KEY="••••☁️•"
BIIP_PERSONAL_PATTERNS="••••⚙•"
BIIP_SENSITIVE="••••⚙•"Type in / paste arbitrary test and copy it to clipboard.
$ biip | pbcopy