Sensitive by default
Secret masking
JWTs, env vars, curl Bearer tokens, and API keys in JSON/YAML are masked in the list. Reveal only when you need to.
- Auto-masked.
- JWTs, env vars, curl auth headers (Bearer, X-Api-Key, Cookie), API keys in JSON/YAML/TOML/INI, shell args (--password=, TOKEN=), URL query params (token, api_key).
- Reveal on demand.
- Click to expand; stays masked in the list.
- URL masking.
- Long URLs truncated until you need them; sensitive query params masked.
