> ## Documentation Index > Fetch the complete documentation index at: https://docs.praison.ai/llms.txt > Use this file to discover all available pages before exploring further. # Security & Redaction > Privacy hardening for context snapshots and monitoring Context security features protect sensitive data in snapshots and validate output paths. ## Quick Start ```python theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}} from praisonaiagents import ContextManager, ManagerConfig config = ManagerConfig( redact_sensitive=True, # Enable redaction allow_absolute_paths=False, # Restrict paths monitor_path="./context.txt", # Safe relative path ) manager = ContextManager(config=config) ``` ## Redaction Patterns Automatically redacted: | Pattern | Example | | --------------- | ------------------ | | OpenAI keys | `sk-abc123...` | | Anthropic keys | `sk-ant-...` | | Google API keys | `AIzaSy...` | | Google OAuth | `ya29....` | | AWS access keys | `AKIA...` | | Bearer tokens | `Bearer ...` | | Passwords | `password = "..."` | | API keys | `api_key: "..."` | ## Using Redaction ```python theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}} from praisonaiagents import redact_sensitive text = "My API key is sk-abc123def456ghi789" safe = redact_sensitive(text) # "My API key is [REDACTED]" ``` ## Path Validation ```python theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}} from praisonaiagents import validate_monitor_path # Valid paths is_valid, error = validate_monitor_path("./context.txt") # (True, "") # Path traversal blocked is_valid, error = validate_monitor_path("../../../etc/passwd") # (False, "Path traversal (..) not allowed") # Absolute paths blocked by default is_valid, error = validate_monitor_path("/tmp/context.txt") # (False, "Absolute paths not allowed...") # Allow absolute explicitly is_valid, error = validate_monitor_path( "/tmp/context.txt", allow_absolute=True, ) # (True, "") ``` ## Ignore/Include Patterns Respect `.praisonignore` and `.praisoninclude` files: ```python theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}} from praisonaiagents import ( should_include_content, load_ignore_patterns, ) # Load patterns from files ignore, include = load_ignore_patterns(".") # Check if file should be included if should_include_content("secret.key", ignore, include): # Include in snapshot pass ``` ### .praisonignore ``` # Ignore patterns (glob) *.key *.pem *.env secrets/ node_modules/ ``` ### .praisoninclude ``` # Include patterns (whitelist) *.py *.js *.md ``` ## Configuration ```python theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}} config = ManagerConfig( redact_sensitive=True, # Enable redaction allow_absolute_paths=False, # Block absolute paths monitor_path="./context.txt", ) ``` ### Environment Variables ```bash theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}} export PRAISONAI_CONTEXT_REDACT=true ``` ## Redaction in Snapshots All snapshot outputs are redacted: ```python theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}} # Human format # API key: [REDACTED] # JSON format # {"content": "API key: [REDACTED]"} ``` ## Adding Custom Patterns ```python theme={"theme":{"light":"vitesse-light","dark":"vitesse-dark"}} from praisonaiagents.context.monitor import SENSITIVE_PATTERNS # Add custom pattern SENSITIVE_PATTERNS.append(r'my-custom-token-[a-z0-9]+') ``` ## Best Practices 1. **Always enable redaction** - Default is on 2. **Use relative paths** - Avoid absolute paths 3. **Review .praisonignore** - Exclude sensitive files 4. **Audit snapshots** - Check for leaked secrets 5. **Rotate keys** - If accidentally exposed