A command-line tool for masking sensitive fields in configuration files.
cargo install maskitMask sensitive fields in a configuration file using default keywords:
maskit config.jsonThis creates config.maskit.json with sensitive fields replaced by *****.
Default keywords: key, secret, password, token, credential, auth, private, cert
Specify custom keywords to identify sensitive fields:
maskit config.yaml -k api,key,secret,token,password,credentialSave the masked file to a specific location:
maskit config.toml -o /path/to/masked-config.tomlUSAGE:
maskit [OPTIONS] <INPUT>
ARGS:
<INPUT> Input configuration file path
OPTIONS:
-h, --help Print help information
-k, --keywords <KEYWORDS> Keywords to search for in field names
[default: key,secret,password,token,credential,auth,private,cert]
-o, --output <OUTPUT> Output file path (default: adds .maskit before extension in current directory)
-s, --silent Silent mode - suppress all output
-V, --version Print version information
Input (config.json):
{
"api_key": "sk-1234567890abcdef",
"password": "super_secret_123",
"auth_token": "Bearer xyz789",
"private_key": "-----BEGIN RSA PRIVATE KEY-----",
"base_url": "https://api.example.com",
"database": {
"host": "localhost",
"db_password": "db_pass_123",
"connection_string": "postgresql://user:pass@localhost/db"
}
}Output (config.maskit.json):
{
"api_key": "*****",
"password": "*****",
"auth_token": "*****",
"private_key": "*****",
"base_url": "https://api.example.com",
"database": {
"host": "localhost",
"db_password": "*****",
"connection_string": "postgresql://user:pass@localhost/db"
}
}maskit app.yaml -k key,secret,tokenmaskit settings.toml -o safe-settings.tomlExecute without any output (useful for scripts):
maskit config.json -s- JSON (
.json) - YAML (
.yaml,.yml) - TOML (
.toml)
While Maskit helps prevent accidental exposure of sensitive data, always review masked files before sharing to ensure all sensitive information has been properly redacted.