Hybrid Privacy

Inkog is designed with privacy as a core principle. Your secrets never leave your machine.

How It Works

Inkog uses a hybrid approach to protect your sensitive data:

  1. Secrets detected locally - API keys, passwords, and tokens are found on your machine
  2. Automatic redaction - Sensitive values are replaced with placeholders before analysis
  3. Safe analysis - Only sanitized code is processed
  4. Results merged - Local secret findings are combined with security analysis

Your actual credentials never leave your machine.

What Gets Redacted

Inkog automatically detects and redacts:

  • API keys (OpenAI, AWS, Google, etc.)
  • Passwords and secrets
  • Private keys (RSA, SSH, etc.)
  • Database connection strings
  • OAuth tokens
  • Email addresses and PII

Example

Before redaction:

api_key = "sk-proj-abc123..."
password = "hunter2"

After redaction:

api_key = "[REDACTED:API_KEY]"
password = "[REDACTED:SECRET]"
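
The detect-locally, redact, then analyze flow can be reproduced with a short local redactor. This is an added example, not Inkog's own code: the regex rules, the `CONNECTION_STRING` placeholder name, the `Finding` type and the fingerprinting are assumptions made for illustration, and the sample input is constructed.

```python
import hashlib
import re
from typing import NamedTuple

# Constructed detection rules for illustration; not Inkog's rule set.
# Each pattern captures only the secret value in the named group "val".
RULES = [
    ("API_KEY", re.compile(r"(?P<val>sk-[A-Za-z0-9_-]{8,})")),
    ("API_KEY", re.compile(r"(?P<val>AKIA[0-9A-Z]{16})")),
    ("CONNECTION_STRING",  # assumed placeholder name, not taken from the page
     re.compile(r"(?P<val>[a-z][a-z0-9+]*://[^\s:/@\"']+:[^\s@\"']+@[^\s\"']+)")),
    ("SECRET",
     re.compile(r"(?i)\b(?:password|passwd|secret|token)\s*=\s*[\"'](?P<val>[^\"']+)[\"']")),
]

class Finding(NamedTuple):
    kind: str         # placeholder type, e.g. API_KEY
    line: int         # 1-based line number in the original source
    fingerprint: str  # truncated SHA-256, so the report never holds the value

def redact(source: str) -> tuple[str, list[Finding]]:
    """Return (sanitized_source, local_findings); only the former may leave the host."""
    hits = []
    for kind, pattern in RULES:
        for m in pattern.finditer(source):
            if not m.group("val").startswith("[REDACTED:"):  # keep redaction idempotent
                hits.append((m.start("val"), m.end("val"), kind))
    hits.sort()
    out, findings, pos = [], [], 0
    for start, end, kind in hits:
        if start < pos:  # overlaps a span that is already redacted
            continue
        findings.append(Finding(kind, source.count("\n", 0, start) + 1,
                                hashlib.sha256(source[start:end].encode()).hexdigest()[:12]))
        out += [source[pos:start], f"[REDACTED:{kind}]"]
        pos = end
    out.append(source[pos:])
    return "".join(out), findings

# Constructed sample input mirroring the before/after example above.
SAMPLE = (
    'api_key = "sk-proj-EXAMPLEabc123"\n'
    'password = "hunter2"\n'
    'db = "postgres://app:s3cr3t@db.example.internal:5432/prod"\n'
)

if __name__ == "__main__":
    sanitized, findings = redact(SAMPLE)
    print(sanitized, *findings, sep="\n")
```

The findings list stays on the local machine and is merged with the analysis results afterwards; only the sanitized string is a candidate for any further processing.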

Secrets in Prompts

Inkog detects when sensitive data appears in LLM prompts:

Vulnerable
Secrets embedded directly in prompt text

import os

# Embedding secrets in prompts
def get_response(query):
  prompt = f"""
  API Key: {os.environ['OPENAI_KEY']}
  Database: {DB_CONNECTION_STRING}

  Answer this: {query}
  """
  return llm.generate(prompt)

Secure
Secrets handled through secure SDK configuration

# Secrets properly isolated
def get_response(query):
  # Secrets never in prompt
  prompt = QUERY_TEMPLATE.format(query=sanitize(query))

  # Keys passed via SDK config
  return llm.generate(
      prompt,
      api_key=get_secret("OPENAI_KEY")
  )

Compliance Benefits

GDPR (EU)

Requirement        | Inkog Compliance
Data minimization  | Secrets redacted before processing
Purpose limitation | Analysis only
Storage limitation | Results stored locally only

SOC 2

Control                       | Inkog Implementation
CC6.1 - Logical access        | Secrets never transmitted
CC6.7 - Transmission security | Redaction before any network calls

HIPAA

For healthcare AI applications:

  • PHI protection - Sensitive data redacted
  • Audit logs local - Full control over log retention
  • Data isolation - Your data stays on your infrastructure

Enterprise Deployment

Inkog can be deployed in air-gapped and high-security environments:

# Install locally
curl -L https://releases.inkog.io/latest/inkog | tar xz
./inkog .

For maximum security, Inkog can run completely offline with no network access required.
