Overview
Redaction patterns scan agent inputs and tool outputs, replacing text that matches known secret formats with ⟦SECRET_REDACTED⟧. This helps prevent sensitive values from reaching the model or being stored locally or on the server.
Pattern-based redaction is always active. It runs independently of the secrets feature and catches sensitive values even when they are not registered as secrets.
How redaction works
Poolside runs tool output and user input through a redaction pipeline before the agent sees it:
- Exact-value redaction: Replaces values that were resolved through ⟦secret⋮<name>⟧ interpolation. See Secrets for details.
- Pattern-based redaction: Matches the text against a combined set of regular expression patterns from all sources.
For tool output, Poolside runs both layers in sequence. All matches are replaced with ⟦SECRET_REDACTED⟧. For user input, pattern-based redaction applies to text user messages before Poolside stores them in trajectories or adds them to model context.
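The two-layer pipeline described above, as an added Python illustration that is not Poolside's own code: the exact-value layer runs first, then a single combined regular expression built from the merged pattern set, with the warning thresholds from the Redaction warnings section. The pattern bodies are constructed stand-ins modelled on the built-in prefixes listed below, and Python's re module stands in for RE2.

```python
import re

REDACTED = "\u27e6SECRET_REDACTED\u27e7"  # renders as ⟦SECRET_REDACTED⟧

# Constructed stand-ins for a few of the built-in formats listed on this page
# (prefix plus a plausible body); they are not Poolside's actual expressions.
BUILTIN_PATTERNS = {
    "aws_access_key_id": r"AKIA[0-9A-Z]{16}",
    "github_classic_pat": r"ghp_[A-Za-z0-9]{20,}",
    "bearer_header": r"Bearer\s+[A-Za-z0-9._-]+",
    "jwt": r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+",
}
EXACT_WARNING_THRESHOLD = 3  # "more than 3 replacements per step" from the warnings table


def redact_exact(text, resolved_values):
    """Layer 1: replace every occurrence of a value resolved via secret interpolation.

    Longest values go first so a short secret that is a substring of a longer
    one cannot leave a partial fragment behind. Returns (text, replacements).
    """
    hits = 0
    for value in sorted((v for v in resolved_values if v), key=len, reverse=True):
        hits += text.count(value)
        text = text.replace(value, REDACTED)
    return text, hits


def redact_patterns(text, patterns=BUILTIN_PATTERNS):
    """Layer 2: one pass over the merged pattern set, alternation in source order."""
    combined = re.compile("|".join(f"(?:{p})" for p in patterns.values()))
    return combined.subn(REDACTED, text)


def redact_tool_output(text, resolved_values, patterns=BUILTIN_PATTERNS):
    """Tool output gets both layers in sequence, plus the user-facing warnings."""
    text, exact_hits = redact_exact(text, resolved_values)
    text, pattern_hits = redact_patterns(text, patterns)
    warnings = []
    if exact_hits > EXACT_WARNING_THRESHOLD:
        warnings.append(f"exact secret redacted {exact_hits} times in one step; value may be too short")
    if pattern_hits:
        warnings.append(f"{pattern_hits} secret-format match(es) in tool output; potential exposure")
    return text, warnings


def redact_user_input(text, patterns=BUILTIN_PATTERNS):
    """User messages get only the pattern layer before storage or model context."""
    return redact_patterns(text, patterns)[0]
```

The AKIA value used in the test is the placeholder key from AWS documentation, not a live credential.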
Pattern sources
Patterns come from three sources, merged at runtime. No pattern from any source can be removed. The merge is append-only.
| Source | Managed by |
|---|---|
| Built-in patterns | Poolside |
| Organization patterns | Administrators (via Poolside Console) |
| User patterns | Individual users (via settings.yaml) |
Built-in patterns
Poolside includes 28 built-in regular expression patterns that detect common secret formats. These are always active and cannot be turned off.
| Pattern | Prefix / marker | Example match |
|---|---|---|
| AWS access key ID | AKIA | AKIA1234567890ABCDEF |
| AWS session token | ASIA | ASIA1234567890ABCDEF |
| AWS STS token | ABIA | ABIA1234567890ABCDEF |
| AWS CloudFront key | ACCA | ACCA1234567890ABCDEF |
| GitHub fine-grained PAT | github_pat_ | github_pat_abc123... |
| GitHub classic PAT | ghp_ | ghp_abc123... |
| GitHub OAuth token | gho_ | gho_abc123... |
| GitHub user-to-server token | ghu_ | ghu_abc123... |
| GitHub server-to-server token | ghs_ | ghs_abc123... |
| GitHub refresh token | ghr_ | ghr_abc123... |
| OpenAI project key | sk-proj- | sk-proj-abc123... |
| OpenAI service account key | sk-svcacct- | sk-svcacct-abc123... |
| OpenAI API key | sk- | sk-abc123... |
| Anthropic API key | sk-ant- | sk-ant-abc123... |
| Stripe webhook secret | whsec_ | whsec_abc123... |
| Stripe key | rk_, sk_, pk_ | sk_live_abc123... |
| Google API key | AIza | AIza1234567890-abc |
| Slack bot token | xoxb- | xoxb-1234-5678-abc |
| Slack user token | xoxp- | xoxp-1234-5678-abc |
| Slack app token | xapp- | xapp-1234-5678-abc |
| NPM token | npm_ | npm_abc123... |
| PyPI token | pypi- | pypi-abc123... |
| Poolside access token | ps- | ps-abc123...-def456... |
| Poolside refresh token | psr- | psr-abc123...-def456... |
| JSON Web Token (JWT) | eyJ | eyJhbGciOiJ... |
| Bearer token header | Bearer | Bearer eyJhbGci... |
| PEM private key | -----BEGIN...PRIVATE KEY----- | Full PEM block |
| Fireworks API key | fw_ | fw_abc123... |
Organization patterns
Administrators can manage redaction patterns for their organization in the Poolside Console under Security > Redaction Patterns. Poolside merges organization patterns with built-in and user patterns.
Organization patterns follow the same validation rules as user patterns.
User patterns
Add custom redaction patterns to secrets.redact_patterns in your settings.yaml file:
```yaml
secrets:
  redact_patterns:
    - name: internal_api_key
      pattern: "MYCO_[A-Za-z0-9]{32}"
    - name: database_dsn
      pattern: "postgres://[^\\s]+"
```
This does not require administrator access. At runtime, Poolside merges user patterns with built-in patterns.
Each pattern requires:
- name: A non-empty identifier for the pattern.
- pattern: A valid RE2 regular expression.
Validation rules
Poolside rejects patterns that match common code tokens such as empty strings, function, 123, hello world, true, const, or return. This prevents overly broad patterns like .* from stripping useful content from tool output.
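An added Python sketch (not Poolside's own code) of the validation rule just described together with the append-only merge from the Pattern sources section: a pattern is rejected if its name is empty, if it fails to compile, or if it matches any of the common tokens the page lists, and a rejection is raised as an error rather than dropped. Python's re module stands in for RE2; the token list is constructed from the examples on this page.

```python
import re

# Tokens the page lists as "common code tokens" that a valid pattern must not match
# (the empty string is included deliberately: it is what overly broad patterns like .* match).
COMMON_TOKENS = ["", "function", "123", "hello world", "true", "const", "return"]


class PatternValidationError(ValueError):
    """Raised instead of silently dropping a pattern, as the page describes."""


def check_pattern(name, pattern):
    """Return None if the pattern is acceptable, otherwise a human-readable rejection reason."""
    if not isinstance(name, str) or not name.strip():
        return "name must be a non-empty identifier"
    if not isinstance(pattern, str):
        return f"{name}: pattern must be a string"
    try:
        compiled = re.compile(pattern)  # assumption: Python's re stands in for RE2 here
    except re.error as exc:
        return f"{name}: invalid regular expression ({exc})"
    for token in COMMON_TOKENS:
        if compiled.search(token) is not None:
            return f"{name}: too broad, matches common token {token!r}"
    return None


def merge_patterns(builtin, organization, user):
    """Append-only merge in source order; every entry is validated and none is ever removed.

    How Poolside treats duplicate names is not documented on the page; here all are kept.
    """
    merged = []
    for source, entries in (("built-in", builtin), ("organization", organization), ("user", user)):
        for entry in entries:
            reason = check_pattern(entry.get("name"), entry.get("pattern", ""))
            if reason is not None:
                raise PatternValidationError(reason)  # surface the error, do not drop the pattern
            merged.append({"source": source, "name": entry["name"], "pattern": entry["pattern"]})
    return merged
```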
Settings file locations
| File location | Use this for |
|---|---|
| .poolside/settings.local.yaml | Personal, project-specific. Do not commit. Takes precedence over all other files. |
| .poolside/settings.yaml | Shared, project-specific. Commit and share with your team. |
| ~/.config/poolside/settings.yaml | Personal defaults, all projects. Applies when no project-level settings override it. |
Poolside combines patterns from all files. For more information about settings file locations and precedence, see Tool permissions.
Invalid patterns surface as errors rather than being silently dropped. A rejected pattern could leave secrets exposed, so fix validation errors before proceeding.
Manage organization patterns
Prerequisites
- You belong to a team with the tenant-admin role.
Steps
- In the Poolside Console, navigate to Security > Redaction Patterns.
- Click Add Pattern.
- In Name, enter a descriptive name for the pattern.
- In Pattern (RE2 regex), enter the regular expression you want Poolside to redact.
- In Test your pattern, paste or edit sample text to confirm that the pattern matches the values you expect to redact.
- Click Save.
Redaction warnings
When redaction is triggered excessively during an agent step, Poolside displays a warning to you (not to the agent).
| Trigger | Threshold | What it means |
|---|---|---|
| An exact secret value is redacted too many times in one step | More than 3 replacements per step | The secret value may be too short or too common, causing false positives |
| A pattern-based match is detected in tool output | Any match | Tool output contains a string that matches a known secret format. In normal operation, secret-format strings should not appear in tool output, so any match indicates a potential exposure. |
Warnings appear in the IDE as session notifications and in the pool CLI as yellow warning messages. Each warning displays only once per session to avoid noise.
If you see repeated redaction warnings for a specific secret, consider using a longer, unique secret value.
Troubleshooting
Legitimate values are being redacted
If you see ⟦SECRET_REDACTED⟧ in places where no actual secret exists, a built-in pattern may be matching a non-secret value. Built-in patterns cannot be turned off. If this affects your workflow, check whether the redacted value matches one of the built-in patterns and consider restructuring the output to avoid the match.
Redaction warnings appear repeatedly
Frequent redaction warnings for a specific secret usually mean the secret value is too short or too generic. Replace it with a longer, unique value.
Custom pattern rejected during validation
Poolside rejects custom patterns that match common code tokens. Make your pattern more specific. For example, instead of [A-Za-z]+, use a pattern that includes a distinguishing prefix like MYCO_[A-Za-z0-9]{32}.