Stop leaking secrets in your logs
Scan log streams for AWS keys, passwords, tokens, and 700+ other patterns. Up to 5M lines/sec with AVX2 SIMD on AMD Ryzen. Free for open-source and non-commercial use.
Three-phase detection pipeline
SSE 4.2 hardware pre-filter rejects clean lines instantly. Aho-Corasick scans survivors in a single pass. PCRE2 JIT only fires on the ~5% with a hit.
In real-world logs (~3% secrets), the SSE 4.2 filter skips 97% of lines before they reach Aho-Corasick.
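The three-phase funnel described above, sketched in Python as an added example (not PlumbrC's code). A first-character set check stands in for the SSE 4.2 pre-filter, and the three rules, their trigger literals and regexes, and the names `RULES`, `TRIGGER_CHARS` and `redact` are constructed for illustration.

```python
import re
from collections import Counter, deque

# Constructed rules (not PlumbrC's pattern set): name -> (literal trigger, regex)
RULES = {
    "aws_access_key": ("AKIA", re.compile(r"AKIA[0-9A-Z]{16}")),
    "github_token": ("ghp_", re.compile(r"ghp_[0-9A-Za-z]{36}")),
    "password": ("password=", re.compile(r"(?<=password=)\S+")),
}
# Phase 1 stand-in for the SIMD pre-filter: first character of every trigger.
TRIGGER_CHARS = {literal[0] for literal, _ in RULES.values()}

def build_automaton(rules):
    """Aho-Corasick: trie transitions, failure links, per-state rule names."""
    goto, fail, out = [{}], [0], [set()]
    for name, (literal, _) in rules.items():
        state = 0
        for ch in literal:
            if ch not in goto[state]:
                goto.append({}); fail.append(0); out.append(set())
                goto[state][ch] = len(goto) - 1
            state = goto[state][ch]
        out[state].add(name)
    queue = deque(goto[0].values())          # depth-1 states fail to the root
    while queue:                             # BFS: parents are linked first
        state = queue.popleft()
        for ch, child in goto[state].items():
            f = fail[state]
            while f and ch not in goto[f]:
                f = fail[f]
            fail[child] = goto[f].get(ch, 0)
            out[child] |= out[fail[child]]
            queue.append(child)
    return goto, fail, out

GOTO, FAIL, OUT = build_automaton(RULES)

def redact(line, counts=None):
    """Return the redacted line; counts tallies how far each line travelled."""
    counts = Counter() if counts is None else counts
    if TRIGGER_CHARS.isdisjoint(line):       # Phase 1: reject clean lines
        counts["prefiltered"] += 1
        return line
    state, hits = 0, set()
    for ch in line:                          # Phase 2: all triggers, one pass
        while state and ch not in GOTO[state]:
            state = FAIL[state]
        state = GOTO[state].get(ch, 0)
        hits |= OUT[state]
    for name in sorted(hits):                # Phase 3: regex only on hits
        counts["regex_runs"] += 1
        line = RULES[name][1].sub(f"[REDACTED:{name}]", line)
    return line
```

A line such as `bucket AKIA-test page` reaches phase 3 because the literal trigger hits, but the regex does not confirm it and the line is returned unchanged.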
Built for production
No compromises on speed, safety, or simplicity.
O(n) Multi-Pattern
Aho-Corasick DFA scans for all 793 patterns in a single pass. Linear time regardless of pattern count.
AVX2 + SSE 4.2 SIMD
Hardware-accelerated byte scanning and line pre-filtering. Optimized for AMD Ryzen, works on any x86-64.
Zero Allocations
Arena allocator via mmap. No malloc, no free, no GC in the processing hot path.
ReDoS Protected
Match limits on every regex. No catastrophic backtracking, even with adversarial input.
Pipeline Native
stdin to stdout. Works with tail -f, docker logs, kubectl, Fluentd, Vector, Logstash.
3 Ways to Use
Native C binary for max speed. Python package via pip. REST API for testing and prototyping.
793 detection patterns
12 categories + 4 compliance profiles (HIPAA, PCI, GDPR, SOC2). Load all, or pick what you need.
Real benchmarks, real numbers
Tested on AMD Ryzen 5 5600X (6C/12T). Real-world workload: 1M log lines, 3% contain secrets.
Default (14 patterns)
FASTEST
AWS, GitHub, email, IP, JWT, passwords — covers 90% of use cases
Full scan (702 patterns)
ALL PATTERNS
Every cloud, payment, VCS, infra, PII, and auth pattern loaded
AVX2 SIMD, SSE 4.2, AMD Ryzen optimized. For maximum throughput.
Same C engine via ctypes. Bulk API for max throughput. pip install plumbrc.
Network latency is the bottleneck. Best for testing and prototyping.
REST API
Send text, get clean text back. Sub-millisecond processing on the server.
curl -X POST https://plumbr.ca/api/redact \
  -H "Content-Type: application/json" \
  -d '{"text": "key=AKIAIOSFODNN7EXAMPL3"}'

# Response:
{
  "redacted": "key=[REDACTED:aws_access_key]",
  "stats": {
    "lines_modified": 1,
    "patterns_matched": 1,
    "processing_time_ms": 0.066
  }
}

Honest note: The server processes each request in ~0.1ms, but network round-trip adds 100-800ms depending on your location. For production throughput, use the native C binary or Python package — both run locally with zero network overhead.
Python Package
pip install and start redacting in seconds.
pip install plumbrc

from plumbrc import Plumbr

# Initialize
p = Plumbr()

# Redact secrets
safe = p.redact("password=secret123")
print(safe)  # "[REDACTED:password]"

# Batch processing
lines = ["api_key=secret", "normal log", "token=xyz"]
safe_lines = p.redact_lines(lines)

# Context manager
with Plumbr() as p:
    safe = p.redact("AWS_KEY=AKIAIOSFODNN7EXAMPLE")

# Get statistics
print(p.pattern_count)  # 14
print(p.stats)  # {'lines_processed': 1, ...}

Ready to ship clean logs?
Try in the browser, install via pip, or integrate the API.