Quick start
Redact all emails and IP addresses:[REDACTED]. To keep data linkable across events, use hashing instead:
usr_7kJ9mNpQ3xYz — the same input always produces the same hash, so you can still correlate events without storing raw PII.
Built-in patterns
| Pattern | Detects | Hash prefix |
|---|---|---|
email | Email addresses | usr_ |
phone | Phone numbers (international formats) | phn_ |
credit_card | Credit card numbers (13-19 digits) | cc_ |
ssn_us | US Social Security Numbers | ssn_ |
cpr_dk | Danish CPR numbers | cpr_ |
nino_uk | UK National Insurance Numbers | nin_ |
bsn_nl | Dutch BSN numbers | bsn_ |
ipv4 | IPv4 addresses | ip4_ |
ipv6 | IPv6 addresses | ip6_ |
passport | Passport numbers | pas_ |
iban | International Bank Account Numbers | iba_ |
Strategies
| Strategy | Output | Use when… |
|---|---|---|
redact (default) | [REDACTED] | You want PII completely removed |
hash | usr_7kJ9mNpQ3xYz | You need to correlate events without raw PII |
hash_key. Different keys produce different hashes, so each workspace can be isolated.
Targeted fields
Instead of scanning all strings (scan_all = true), you can target specific JSON paths for better performance:
Custom patterns
Define your own regex patterns for domain-specific PII:Reference
| Field | Default | Description |
|---|---|---|
type | — | "redact" |
strategy | "redact" | "redact" or "hash" |
hash_key | — | Secret key for HMAC-SHA256 (required if strategy = "hash") |
patterns | [] | Built-in pattern names to detect |
fields | [] | Targeted field objects: {path, pattern, strategy?} |
custom_patterns | [] | Custom regex objects: {name, regex, prefix} |
scan_all | false | Scan all string values (slower but comprehensive) |
enabled | true | Set to false to disable |
patterns, fields, or custom_patterns is required.