Book a demo

A 30-minute walkthrough on your real providers. We'll deploy CodeVector against your OpenAI or Anthropic key, configure Claude Code or Cursor live, and answer the questions your security team will ask. No slides.

Request deployment access

Tell us about your deployment and we will send Docker registry credentials for the private image and a license token for your environment.
Docs / Secret Rules

Secret Rules

Block sensitive content before it reaches upstream providers with regex-based secret rules in CodeVector. Install template packs or write custom patterns.

Your gateway URL

Pin your own gateway hostname and we'll rewrite the routes and curl examples on every docs page so you can click straight through to the live console. Stored locally in your browser.

Secret rules scan prompt content with regex patterns before sending to upstream providers. If a rule matches, the request is blocked and the provider never sees the content.

The Secret Rules page

Secret Rules list showing names, regex patterns, status badges, and last updated dates

The Secret Rules list shows every rule with its pattern, status, and last update.

Open /admin/secret-rules to see all rules. The table shows:

  • Name - the rule label.
  • Pattern - the regex, truncated for display.
  • Status - Enabled or Disabled.
  • Updated - when the rule was last modified.

Installing template packs

Click Install template pack to add pre-built rules for common secret patterns:

  • AWS access keys
  • GitHub personal access tokens
  • Slack webhooks
  • Generic high-entropy strings

Template packs are idempotent - re-installing skips rules that already exist.

Creating custom rules

New secret rule slideover with Name, Pattern (JavaScript regex), and Enabled toggle, plus a Create rule button

The new-rule slideover takes a name and a JavaScript-compatible regex. The Enabled toggle controls whether the rule applies on save.

Click Add rule and enter:

  • Name - unique label, also used for template-pack dedupe.
  • Pattern - a JavaScript regex (case-insensitive). Tested against the full prompt content.
  • Enabled - toggle off to save a rule in disabled state.

Test your regex against sample prompts before enabling it in production. Changes propagate within 60 seconds.

What happens when a rule matches

The gateway returns HTTP 400 with a secret_blocked error. The request is not forwarded to the provider and is not billed. The event is logged to the audit log.

Frequently asked questions

What happens when a secret rule matches?

The gateway returns a 400 error with a secret_blocked message. The request is not forwarded to the provider.

How fast do changes take effect?

Secret rules are compiled and cached per process. Changes propagate within 60 seconds.

Can I write my own regex?

Yes. Click Create rule and enter a name, description, and JavaScript-compatible regex pattern.

  • Audit Log. View secret rule match events and other admin mutations.
  • Providers. The upstream endpoints that secret rules protect.