Secret Redaction
Your secrets never leave your machine -- redaction happens before output is shared.
What you'll see
- Launch
ryshandecho API_KEY=sk-ant-secret-123456to put a secret in the buffer. - Double-Escape into rysh mode and run
##private pane printto show the raw buffer with the secret visible locally. ##public pane printshows the redacted version -- the same output the SharedOutputActor forwards upstream.##share pane view; the SharedOutputActor redacts before output leaves the session, so the server never sees raw secrets.
Commands shown
rysh
echo API_KEY=sk-ant-secret-123456
##private pane print
##public pane print
##share pane view
Keys used
EnterEscape
Transcript
0:00Your secrets never leave your machine -- redaction happens before output is shared.
0:03Start rysh. Suppose your terminal output contains an API key or token -- exactly the thing you don't want to broadcast.
0:09Double-Escape into rysh mode. ##private pane print shows the raw buffer -- everything, secrets included, on your screen.
0:28When you share a pane, the SharedOutputActor redacts before output leaves the session, so the server never sees raw secrets.
0:38Redaction plus a command blocklist means collaboration without leaking credentials. Share with confidence.
Key takeaway
The SharedOutputActor redacts secrets before output leaves the local session -- ##public shows what gets shared, and a command blocklist guards control-mode input.