LocalMask runs entirely on your machine. It scans your repo, masks every credential, key, and piece of PII into reversible tokens, then sends only safe tokens to Claude, GPT, or Gemini. Answers come back and get rehydrated locally — you stay in full control, and the real secrets never leave your local environment.
# payments-service/.env — sent to ClaudeDATABASE_URL=postgres://payments_rw~[DB_USER_0]~:pV9$kQ2!zR~[PASSWORD_0]~@db-prod-01.acme.internal~[HOST_0]~:5432~[PORT_0]~/payments~[DB_NAME_0]~STRIPE_SECRET_KEY=sk_live_51MspeZv8Klo2CqR7xY~[API_KEY_0]~JWT_SIGNING_KEY=hs256-9f3a7c1e8b2d4061~[API_KEY_1]~AWS_ACCESS_KEY_ID=AKIA5J7QX9P2M4RTUVWX~[AWS_KEY_0]~ONCALL_EMAIL=dana.cohen@acme-bank.com~[EMAIL_0]~INTERNAL_API=https://vault.acme.internal~[HOST_1]~/v2
100% local. 100% your control. We're opening a small private beta — leave your email and we'll reach out when it's ready.