Censor JSON And Redactor
Censor JSON and Redact passwords, tokens, and PII in JSON with asterisks, [REDACTED], or custom text. Free, client-side - whole-word and key-matching options.
Paste JSON, list the words you want hidden, and the tool masks every matching value (and optionally every matching key). Three replacement modes — length-preserving asterisks, a static [REDACTED] tag, or your own label — plus whole-word and case-sensitivity toggles.
How to Use Censor JSON And Redactor
- Paste your JSON. Any valid JSON object, array, or primitive. The input is reformatted with 2-space indentation before rendering so you see the structure clearly.
- List the words to censor. Separate them with commas or line breaks. Each word is treated as a literal string - regex special characters are escaped automatically so patterns like
user(1).nameare safe. - Pick a replacement mode. Asterisks preserves the original length (
hunter2→*******). [REDACTED] uses a static label. Custom text lets you enter your own placeholder like[private]or###. - Toggle match options. "Also censor matching object keys" walks key names too (useful for hiding
apiTokenkey labels). "Match whole words only" uses\\bboundaries. "Case-sensitive" stopspassfrom matchingPASS. - Click Censor or press Ctrl/Cmd+Enter. The input is also debounced at 300ms, so editing patterns or JSON updates the preview live.
- Read the stats line. It shows pattern count, total replacements, values vs. keys censored, input/output byte sizes, and compute time.
- Copy or download. Copy puts the censored JSON on your clipboard; Download saves a timestamped .json file - perfect for pasting into issue trackers or sharing in chat.
Frequently Asked Questions
What types of sensitive data can I censor in JSON?
Any substring found in string values (and optionally object keys): passwords, API keys, emails, phone numbers, social security numbers, account IDs – anything text-based. Numbers, booleans, and null values are never modified.
Does censoring affect JSON structure or validity?
No. Arrays, nested objects, and key order are preserved. Only string content (and keys if you opted in) gets rewritten. The output is always valid, parseable JSON.
Can I censor data in nested JSON objects?
Yes. A recursive walker visits every branch of the tree, so a password buried five levels deep in nested objects or arrays is still found and masked.
Is my JSON data uploaded to a server?
No. All censoring runs entirely in your browser with plain JavaScript. Your JSON never leaves the page – no fetch, no WebSocket, no analytics on the payload.
Can I use regex or wildcards in patterns?
No – and this is intentional for safety. User input is treated as literal text: regex metacharacters are escaped so user(1) matches the literal string user(1). This avoids regex-injection crashes and catastrophic backtracking on untrusted input.
What happens if I censor a JSON key name?
Enable “Also censor matching object keys” in the match options. With it off (default), keys stay untouched and only values get masked. With it on, both are scanned and the stats line shows how many of each were replaced.
How large of a JSON blob can I censor?
Up to about 1 MB runs in well under 50ms for 10-20 patterns. Beyond that the live-preview 300ms debounce is your friend – click the Censor button once you have pasted the full text to avoid re-running on every keystroke.
Is this tool free to use?
Yes, completely free – no registration, subscription, or usage caps. Use it as often as you need for personal or commercial projects.
Can I customize the replacement text?
Yes. Three modes: asterisks with the same length as the match (the default), a static [REDACTED] tag, or any custom string you type such as [private], ###, or (…).
Will censoring work on JSON with special characters or Unicode?
Yes. Both the JSON and your pattern list are processed as UTF-16 strings. Patterns with accents, Greek, CJK, or emoji match the corresponding characters in the data correctly.