Available on the Chrome Web Store

Never paste a secret
into the wrong place again

ClipGuard detects API keys, tokens, and passwords in real-time and blocks risky pastes. Detection is local, and sensitive pasted content is never uploaded.

🛡️ Add to Chrome — It's Free See How It Works ↓

github.com/org/repo/issues/42

Hey, here's the error I'm getting:

$ export OPENAI_API_KEY=sk-proj-AbCdEf1234567890abcdef

$ curl https://api.openai.com/v1/chat/completions \

-H "Authorization: Bearer $OPENAI_API_KEY"

⚠️

ClipGuard blocked this paste
Detected: OpenAI Project Key (sk-proj-...) — High Risk Site (GitHub)

Features

Everything you need to stop secret leaks

ClipGuard works silently in the background, catching secrets before they leave your browser.

🔍

Real-Time Detection

Scans every paste event for 20+ secret patterns including OpenAI, AWS, GitHub tokens, JWT, private keys, and more. Catches secrets in milliseconds.

🚫

Smart Blocking

On high-risk sites like GitHub, Slack, and Discord, ClipGuard blocks the paste entirely and shows a warning. On other sites, a subtle toast keeps you informed.

🔒

100% Private

Secret detection happens locally in your browser. Pasted text and detected secret values are never uploaded. Pro contacts only the license service.

📊

Stats Dashboard

Track how many secrets you've prevented from leaking. See which patterns trigger most often and which sites are the riskiest for you.

Detection Coverage

20+ secret patterns detected out of the box

Plus custom regex patterns for your organization's specific secrets.

OpenAI API Keys

Anthropic API Keys

Google AI Keys

GitHub Tokens

GitLab Tokens

AWS Access Keys

Stripe Keys

Slack Webhooks

Discord Webhooks

JWT Tokens

Private Keys (RSA/EC/PGP)

MongoDB URIs

PostgreSQL URIs

Redis URIs

HuggingFace Tokens

Cloudflare Keys

.env Files

Custom Regex

Pricing

Simple, transparent pricing

Start free. Upgrade when you need more power.

Free

forever

20+ built-in secret patterns
Paste blocking on high-risk sites
Warning toasts on all sites
Stats dashboard
Desktop notifications
Local custom regex patterns
No account required

Get Started Free

Pro (sandbox preview)

/month — or $48/year (20% off)

Everything in Free
Local audit log export (CSV/JSON)
Per-site scanning exclusions
Up to 3 browser activations
Seven-day offline license grace
Email support (24h response)

Test Pro Checkout — $5/mo Test Annual Checkout — $48/yr

Team (planned)

/user/month (min 5 seats)

Everything in Pro
Team dashboard & analytics
Slack/Teams alerts
Enforced policies
Shared custom patterns
Compliance reports
Priority support

Join Team Waitlist

FAQ

Frequently asked questions

Does ClipGuard send my data anywhere?

Pasted text and detected secret values never leave your browser. ClipGuard Pro sends only license and installation metadata to verify paid access. Payment and license delivery are handled by Creem.

What sites does ClipGuard work on?

ClipGuard works on every website. It's especially useful on GitHub, GitLab, Slack, Discord, Stack Overflow, Reddit, Hacker News, Jira, Confluence, and any other site where you might share code or text.

Can I add my own secret patterns?

Yes. Local custom regex patterns are included in the free plan. Pro adds audit exports, per-site exclusions, and multi-device activation.

Does ClipGuard slow down my browser?

No. ClipGuard is lightweight and only activates on paste events. The regex matching happens in microseconds. You won't notice any performance impact.

What about Firefox / Edge / Safari?

ClipGuard currently supports Chrome and any Chromium-based browser (Edge, Brave, Arc, Opera). Firefox support is in development. Safari does not support Manifest V3 extensions yet.

How is this different from GitGuardian or truffleHog?

GitGuardian and truffleHog scan your git history for secrets that have already been committed. ClipGuard prevents secrets from being pasted in the first place — it's proactive, not reactive. They complement each other well.

Never paste a secretinto the wrong place again