gloom

psst

Your team shares secrets in Slack. It happens. psst catches leaked API keys, tokens, and credentials before they spread. No shame, no blame, just a quiet heads up.

#engineering
devon hey can someone test the staging endpoint? here's the key: sk_live_4eC39H···
psst Heads up, that looks like a Stripe live key. It's been redacted from the channel. You'll want to rotate it at dashboard.stripe.com/apikeys
psst → devon (DM) No worries, happens to everyone. The key was removed and your security team has been notified. Rotation guide is pinned above.

How it works

Add psst to Slack. It watches every message, matches against 40+ patterns, and handles it quietly.

01

Scan

Every message checked in real-time against compiled regexes. Fast enough that nobody notices.

02

Match

AWS keys, GitHub PATs, Stripe tokens, private keys, JWTs, connection strings, SSNs. The usual suspects.

03

Act

Thread reply, DM, auto-delete, alert the security channel. Configurable per severity. Critical stuff gets removed immediately.

04

Log

Every detection recorded in SQLite. Who, when, what matched, what psst did about it.

40+ patterns, or bring your own

Ships with coverage for the things people actually paste. Add custom patterns in YAML.

AWS keys
GitHub PATs
Stripe keys
OpenAI keys
Anthropic keys
GCP API keys
Azure tokens
Slack tokens
Twilio auth
Private keys
JWTs
DB strings
SSNs
Credit cards

Config as code

YAML config, version controllable, PR your detection patterns. Or use the Slack app home GUI. They stay in sync.

psst.yaml
# what to look for
patterns:
  builtin: [aws, github, stripe, openai]
  custom:
    - name: Internal Token
      regex: "myco_[a-zA-Z0-9]{32}"
      severity: critical

# what to do about it
actions:
  critical: [delete, dm, alert]
  high: [reply, dm, alert]
  medium: [reply]
  low: [log]

alert_channel: "#security-alerts"
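To make the four steps (scan, match, act, log) and the config above concrete, here is an added Python example. It is not psst's own code: psst's real regexes, database schema and Slack integration are not shown on this page, so the builtin regexes below are illustrative key shapes, the config is a constructed dict mirroring psst.yaml, and the sample messages and keys are constructed placeholders. The example compiles all patterns once at startup, scans a message, redacts every hit, picks the action list configured for the worst severity found, and writes one audit row per detection to SQLite.

```python
import re
import sqlite3
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed config mirroring the shape of psst.yaml; the builtin regexes are
# illustrative shapes for these key types (assumption), not psst's own patterns.
BUILTIN = {
    "aws": (r"AKIA[0-9A-Z]{16}", "critical"),
    "github": (r"ghp_[A-Za-z0-9]{36}", "high"),
    "stripe": (r"sk_live_[0-9a-zA-Z]{24,}", "critical"),
}
CONFIG = {
    "patterns": {
        "builtin": ["aws", "github", "stripe"],
        "custom": [
            {"name": "Internal Token", "regex": r"myco_[a-zA-Z0-9]{32}", "severity": "critical"},
        ],
    },
    "actions": {
        "critical": ["delete", "dm", "alert"],
        "high": ["reply", "dm", "alert"],
        "medium": ["reply"],
        "low": ["log"],
    },
    "alert_channel": "#security-alerts",
}
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


@dataclass(frozen=True)
class Pattern:
    name: str
    regex: re.Pattern
    severity: str


@dataclass
class Detection:
    pattern: str
    severity: str
    redacted: str


def compile_patterns(config):
    """Step 01: compile builtin + custom patterns once at startup, so a bad
    custom regex fails here rather than on every message."""
    compiled = []
    for key in config["patterns"]["builtin"]:
        regex, severity = BUILTIN[key]
        compiled.append(Pattern(key, re.compile(regex), severity))
    for custom in config["patterns"]["custom"]:
        compiled.append(Pattern(custom["name"], re.compile(custom["regex"]), custom["severity"]))
    return compiled


def redact(secret):
    """Keep a short prefix so the author recognises which key leaked; drop the rest."""
    return secret[:8] + "···"


def scan_message(text, patterns):
    """Step 02: find every match and return (redacted_text, detections).
    Clean messages come back unchanged with an empty detection list."""
    detections = []
    for p in patterns:
        for m in p.regex.finditer(text):
            detections.append(Detection(p.name, p.severity, redact(m.group(0))))
        text = p.regex.sub(lambda m: redact(m.group(0)), text)
    return text, detections


def decide_actions(detections, config):
    """Step 03: actions are configured per severity; use the list for the worst hit."""
    if not detections:
        return []
    worst = max(detections, key=lambda d: SEVERITY_RANK[d.severity])
    return list(config["actions"][worst.severity])


def open_log(path=":memory:"):
    """Step 04: audit table; constructed schema, not psst's."""
    conn = sqlite3.connect(path)
    conn.execute("""CREATE TABLE IF NOT EXISTS detections (
        ts TEXT, user TEXT, channel TEXT, pattern TEXT, severity TEXT,
        redacted TEXT, actions TEXT)""")
    return conn


def log_detections(conn, user, channel, detections, actions):
    """One row per detection: who, when, what matched, what was done. Returns row count."""
    now = datetime.now(timezone.utc).isoformat()
    conn.executemany(
        "INSERT INTO detections VALUES (?, ?, ?, ?, ?, ?, ?)",
        [(now, user, channel, d.pattern, d.severity, d.redacted, ",".join(actions))
         for d in detections])
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM detections").fetchone()[0]


def handle_message(conn, user, channel, text, patterns, config):
    """Run the whole pipeline on one message and return what a bot would act on."""
    redacted_text, detections = scan_message(text, patterns)
    actions = decide_actions(detections, config)
    if detections:
        log_detections(conn, user, channel, detections, actions)
    return {"text": redacted_text, "detections": detections, "actions": actions,
            "alert_channel": config["alert_channel"] if "alert" in actions else None}


if __name__ == "__main__":
    patterns = compile_patterns(CONFIG)
    conn = open_log()
    # Constructed message with a placeholder key (not a real credential).
    result = handle_message(conn, "devon", "#engineering",
                            "here's the key: sk_live_4eC39HqLyjWDarjtT1zdp7dc", patterns, CONFIG)
    print(result["text"], result["actions"])
```

Note that the audit row stores only the redacted form of the match, so the log itself never becomes a second copy of the secret; that is the check worth keeping whatever the real storage backend is.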

Self-hosted or we run it for you

Your data never has to leave your infra. Or don't think about infra at all.

self-hosted

$ git clone https://github.com/gloom-tools/psst.git
$ cp .env.example .env
$ docker compose up -d

hosted

one click. we're onboarding teams now.

Why this exists

Most DLP tools are built for compliance teams. Enterprise dashboards, ML black boxes, scary "VIOLATION DETECTED" alerts. psst is built for engineers who kept seeing API keys in Slack and thought "someone should fix this." Transparent regex you can read. Friendly messages that help, not shame. Config as code, not enterprise UI.

Free while we figure out pricing.

psst is open source and free to self-host forever. The hosted version is in beta. Everything works, we just haven't gotten around to charging for it yet.

beta
$0 /month, for now
  • Unlimited Slack workspaces
  • 40+ built-in detection patterns
  • Custom pattern support
  • Auto-redaction + DM notifications
  • Full detection audit log
Get early access

MIT licensed. Self-host it if you'd rather.