verrou

A transparent DLP proxy that strips API keys, passwords, and credentials from AI assistant traffic — before they leave your machine.

$ verrou run
DNS stub listening on 127.0.0.1:53
TUN interface created  (tun-verrou)
TLS CA trusted  ·  HTTPS transparent
Discovered 4 secrets in ~/.env, ~/.ssh
Watching for changes  ·  hot-reload enabled
proxy ready  ·  0 secrets leaked

features

verrou --help

zero-knowledge
Secrets replaced with opaque aliases before any request reaches an LLM provider. The AI sees <protected:db_pass1>, never the real value.
auto-discover
Scans .env files, SSH keys, and cloud credentials automatically. New secrets picked up instantly via inotify — no restart needed.
tls-intercept
Terminates and re-encrypts TLS with a locally-trusted CA. End-to-end encrypted to the provider, scanned in between.
transparent
No plugins, no editor changes, no code modifications. Works at the network level — install once, protect everything.
cross-platform
Runs on Linux · macOS · Windows — wherever your team develops. VS Code · Cursor · Claude Code · Copilot
audit-log
Every interception is logged locally — which secret, which provider, which timestamp. Full visibility into what your AI tools are trying to send.

architecture

how it works

01

DNS stub

Intercepts lookups for target domains (api.openai.com, api.anthropic.com…) and returns a fake IP. Only those domains are affected.

02

TUN capture

A userspace TUN interface captures traffic to those fake IPs — no iptables rules, no persistent system state, auto-removed on exit.

03

TLS termination & scan

Verrou terminates TLS, decrypts the request, and runs Aho-Corasick over the body — O(n) single-pass secret replacement.

04

Forward & restore

Sanitized request forwarded upstream over fresh TLS. Aliases in the response translated back before reaching your editor.

intercepted request
# outbound — what your editor sends:
POST https://api.anthropic.com/v1/messages
{
  "messages": [
    { "role": "user", "content": "connect to postgres://admin:s3cr3t@db.prod/app" }
  ]
}

# after verrou — what the LLM receives:
POST https://api.anthropic.com/v1/messages
{
  "messages": [
    { "role": "user", "content": "connect to postgres://$__VERROU_PG_URL@db.prod/app" }
  ]
}

# on response — alias translated back transparently
[✓] $__VERROU_PG_URL admin:s3cr3t@db.prod
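Steps 03 and 04 as an added Python example, not Verrou's own code: an Aho-Corasick automaton replaces known secrets with aliases in a request body, and the same routine with the mapping reversed restores them in the response. The function names, the second alias `$__VERROU_PG_PASS`, and the leftmost-longest rule for overlapping secrets are assumptions made for this example.

```python
from collections import deque

def build(patterns):
    """Aho-Corasick tables: goto edges, failure links, pattern ids ending at each state."""
    goto, fail, out = [{}], [0], [[]]
    for pid, pat in enumerate(patterns):
        s = 0
        for b in pat:
            if b not in goto[s]:
                goto.append({}); fail.append(0); out.append([])
                goto[s][b] = len(goto) - 1
            s = goto[s][b]
        out[s].append(pid)
    queue = deque(goto[0].values())
    while queue:                      # BFS: shallower failure targets are final first
        s = queue.popleft()
        for b, t in goto[s].items():
            f = fail[s]
            while f and b not in goto[f]:
                f = fail[f]
            fail[t] = goto[f].get(b, 0)
            out[t] = out[t] + out[fail[t]]   # also report patterns that are suffixes
            queue.append(t)
    return goto, fail, out

def substitute(body, mapping):
    """Replace every (non-empty) key of `mapping` found in `body` (bytes) with its value."""
    pats = list(mapping)
    goto, fail, out = build(pats)
    hits, s = [], 0
    for i, b in enumerate(body):      # one pass over the body
        while s and b not in goto[s]:
            s = fail[s]
        s = goto[s].get(b, 0)
        hits += [(i + 1 - len(pats[p]), i + 1, p) for p in out[s]]
    hits.sort(key=lambda h: (h[0], h[0] - h[1]))   # leftmost first, then longest
    result, pos = bytearray(), 0
    for start, end, p in hits:
        if start >= pos:              # skip matches overlapping one already replaced
            result += body[pos:start] + mapping[pats[p]]
            pos = end
    return bytes(result + body[pos:])

# Constructed sample: first pair is from the page; $__VERROU_PG_PASS is a hypothetical alias.
ALIASES = {b"admin:s3cr3t": b"$__VERROU_PG_URL", b"s3cr3t": b"$__VERROU_PG_PASS"}
REVERSE = {alias: secret for secret, alias in ALIASES.items()}

def redact(body): return substitute(body, ALIASES)
def restore(body): return substitute(body, REVERSE)
```

Matching here is on literal bytes, so a secret that appears base64-, URL- or JSON-escaped in the body passes through unchanged unless those encoded forms are added to the pattern set.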

contact

request early access

Verrou is in early access. We're working with teams who ship AI-assisted code and care about keeping credentials out of third-party servers.

Security-conscious teams, solo developers, or just curious — reach out and we'll get back to you.

Or directly:
$ mail hello@verrou.sh
