🍑#FTF

PeachSanitize

A PowerShell module that strips sensitive data from JSON payloads before you paste them into AI tools like ChatGPT or Claude. Runs entirely locally — no network calls, no cloud upload.

PowerShellAI SecurityDLPMSP ToolsData SanitizationOpen Source
View on GitHub

The Problem

MSP technicians paste JSON into AI tools every day — API responses, config files, ticket data, automation payloads. Those payloads routinely contain API keys, tokens, email addresses, and internal hostnames that should never leave the client environment. The manual find-and-replace approach is slow, error-prone, and easy to miss. A single overlooked field can expose a client's credentials or PII to a third-party AI service. Most teams have no enforced process at all.

How It Works

  1. 1

    Layer 1 — Key-name heuristic

    Before examining the value, PeachSanitize checks whether the JSON key name contains sensitive words like password, secret, token, key, apikey, auth, or credential (case-insensitive). If matched, the value is replaced regardless of its content — catching the most common MSP scenario where field names already signal sensitivity.

  2. 2

    Layer 2 — Regex pattern matching

    If the key is neutral, the value is tested against a library of patterns: JWT/Bearer tokens, email addresses, URLs with embedded credentials, IPv4 addresses, US phone numbers, Social Security Numbers, credit card numbers (Luhn-validated), and FQDNs. The first match wins.

  3. 3

    Layer 3 — Shannon entropy detection

    If no pattern matched, the module calculates Shannon entropy on the string. A value scoring above 3.5 with at least 20 characters is flagged as a probable API key or secret — catching raw AWS keys, random UUIDs used as tokens, and custom vendor credentials that do not match known formats.

  4. 4

    Plausible replacements

    Detected values are replaced with realistic-looking alternatives (fake emails, same-length keys, 192.168.x.x IPs, (555) 000-xxxx phones) so the sanitized JSON still makes sense to the AI. Replacements are seeded from a new GUID each run — no two runs produce the same output.

Installation & Usage

# Install from PowerShell Gallery
Install-Module PeachSanitize
Import-Module PeachSanitize

# Sanitize a file and print to stdout
Invoke-JsonSanitize -Path ./response.json

# Sanitize a string from the pipeline
$json | Invoke-JsonSanitize

# Preview what would be replaced — without changing anything
Invoke-JsonSanitize -Path ./response.json -DryRun

# Write sanitized output to a file
Invoke-JsonSanitize -Path ./payload.json -OutFile ./payload.sanitized.json

# Pipe straight to clipboard (PowerShell 7)
Get-Content ./payload.json -Raw | Invoke-JsonSanitize | Set-Clipboard

About This Tool

PeachSanitize is a free, open-source PowerShell module built for MSP and MSSP technicians who regularly paste JSON into AI tools. API responses, config files, ticket data, and automation payloads routinely contain API keys, tokens, email addresses, and internal hostnames that should never leave the client environment. The manual alternative — find-and-replace in a text editor — is slow, inconsistent, and easy to miss. PeachSanitize makes the safe path the fast path: one command, entirely local, no data ever leaves the machine. Requires PowerShell 5.1 or later (Windows PowerShell or PowerShell 7+) with no external dependencies.

Related Tools

AI Usage Discovery

A lightweight PowerShell tool for MSPs to discover employee AI usage across ChatGPT, Claude, Gemini, Perplexity, and 70+ other AI apps.

PowerShellAI Security

Want to influence what we build next?

Visit the Voting Board

Get Next Week's Free Tool

Join MSPs getting free tools delivered to their inbox every Friday.