← Back to Features

JSON Anonymizer

Context-aware secret detection for JSON-structured data

LogScrub's JSON anonymizer goes beyond simple pattern matching. It understands JSON structure and detects sensitive values based on their key names—finding passwords, tokens, and secrets that pattern matching alone would miss.

📸 Screenshot placeholder: Context-Aware suggestions panel showing detected secrets

How Context-Aware Detection Works

Traditional PII detection looks for patterns like sk_live_... or email formats. Context-aware detection finds sensitive values by their key names:

Detection by Key Name
Original JSON
{
  "user": "admin",
  "password": "myS3cretP@ss",
  "api_token": "abc123xyz",
  "session_id": "sess_789"
}
Detected Secrets
✓ password → "myS3cretP@ss"
  (High confidence: key contains "password")

✓ api_token → "abc123xyz"
  (High confidence: key contains "token")

✓ session_id → "sess_789"
  (Medium confidence: key contains "session")

Suspicious Key Names

LogScrub detects values associated with these key patterns:

password passwd secret token api_key apikey access_key auth credential private_key session cookie bearer jwt oauth ssn credit_card cvv

Before & After Examples

API Configuration

Config File with Credentials
Before
{
  "database": {
    "host": "db.internal.corp",
    "user": "app_user",
    "password": "Pr0dP@ssw0rd!"
  },
  "stripe": {
    "api_key": "sk_live_4eC39HqLyjW",
    "webhook_secret": "whsec_abc123"
  }
}
After
{
  "database": {
    "host": "[HOST-1]",
    "user": "[USER-1]",
    "password": "[REDACTED]"
  },
  "stripe": {
    "api_key": "[API-KEY-1]",
    "webhook_secret": "[REDACTED]"
  }
}

Structured Log Entry (NDJSON)

JSON Lines Log Format
Before
{"ts":"2024-01-15T10:30:00Z","level":"info","user_email":"john@corp.com","action":"login","ip":"192.168.1.50"}
{"ts":"2024-01-15T10:30:05Z","level":"debug","auth_token":"eyJhbGc...","refresh_token":"rt_abc123"}
After
{"ts":"2024-01-15T10:30:00Z","level":"info","user_email":"[EMAIL-1]","action":"login","ip":"[IP-1]"}
{"ts":"2024-01-15T10:30:05Z","level":"debug","auth_token":"[JWT-1]","refresh_token":"[REDACTED]"}

Nested Objects

Deeply Nested Secrets
Before
{
  "config": {
    "services": {
      "payment": {
        "credentials": {
          "client_secret": "cs_abc123"
        }
      }
    }
  }
}
After
{
  "config": {
    "services": {
      "payment": {
        "credentials": {
          "client_secret": "[REDACTED]"
        }
      }
    }
  }
}

Supported Formats

Pure JSON

Standard JSON files with objects, arrays, and nested structures.

{"user": "john", "password": "secret123"}

NDJSON / JSON Lines

Newline-delimited JSON, common in log aggregation systems.

{"event": "login", "user": "alice"}
{"event": "logout", "user": "alice"}

Embedded JSON in Logs

Log lines that contain JSON payloads mixed with text.

2024-01-15 INFO Request received: {"user_id": 123, "api_key": "abc"}

Confidence Levels

Context-aware findings are ranked by confidence:

Syntax Validation

LogScrub validates your JSON syntax and shows errors with clickable line numbers:

✗ JSON Syntax Error at line 5, column 12:
  Expected ':' but found '}'

  Click to jump to error location

Valid JSON shows a green checkmark indicator.

Ready to sanitize your JSON?

Drop your JSON file into LogScrub to detect and remove secrets.

Launch LogScrub